Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-31790 (GCVE-0-2026-31790)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
3.6.0 , < 3.6.2
(semver)
Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-31790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:32:04.700201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T14:32:37.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:06.208Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Simo Sorce (Red Hat)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Nikola Pajkovsky"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Applications using RSASVE key encapsulation to establish\u003cbr\u003ea secret encryption key can send contents of an uninitialized memory buffer to\u003cbr\u003ea malicious peer.\u003cbr\u003e\u003cbr\u003eImpact summary: The uninitialized buffer might contain sensitive data from the\u003cbr\u003eprevious execution of the application process which leads to sensitive data\u003cbr\u003eleakage to an attacker.\u003cbr\u003e\u003cbr\u003eRSA_public_encrypt() returns the number of bytes written on success and -1\u003cbr\u003eon error. The affected code tests only whether the return value is non-zero.\u003cbr\u003eAs a result, if RSA encryption fails, encapsulation can still return success to\u003cbr\u003ethe caller, set the output lengths, and leave the caller to use the contents of\u003cbr\u003ethe ciphertext buffer as if a valid KEM ciphertext had been produced.\u003cbr\u003e\u003cbr\u003eIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\u003cbr\u003eattacker-supplied invalid RSA public key without first validating that key,\u003cbr\u003ethen this may cause stale or uninitialized contents of the caller-provided\u003cbr\u003eciphertext buffer to be disclosed to the attacker in place of the KEM\u003cbr\u003eciphertext.\u003cbr\u003e\u003cbr\u003eAs a workaround calling EVP_PKEY_public_check() or\u003cbr\u003eEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\u003cbr\u003ethe issue.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."
}
],
"value": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:56.698Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-31790",
"datePublished": "2026-04-07T22:00:56.698Z",
"dateReserved": "2026-03-09T15:56:53.191Z",
"dateUpdated": "2026-05-12T12:09:06.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-31790",
"date": "2026-07-12",
"epss": "0.00981",
"percentile": "0.58127"
},
"microsoft_vex": {
"current_release_date": "2026-04-10T14:39:43.000Z",
"cve": "CVE-2026-31790",
"id": "msrc_CVE-2026-31790",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"product_status:fixed": "1",
"product_status:known_affected": "1",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-31790.json",
"version": "2"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31790\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2026-04-07T22:16:21.770\",\"lastModified\":\"2026-06-17T10:34:28.237\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: Applications using RSASVE key encapsulation to establish\\na secret encryption key can send contents of an uninitialized memory buffer to\\na malicious peer.\\n\\nImpact summary: The uninitialized buffer might contain sensitive data from the\\nprevious execution of the application process which leads to sensitive data\\nleakage to an attacker.\\n\\nRSA_public_encrypt() returns the number of bytes written on success and -1\\non error. The affected code tests only whether the return value is non-zero.\\nAs a result, if RSA encryption fails, encapsulation can still return success to\\nthe caller, set the output lengths, and leave the caller to use the contents of\\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\\n\\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\\nattacker-supplied invalid RSA public key without first validating that key,\\nthen this may cause stale or uninitialized contents of the caller-provided\\nciphertext buffer to be disclosed to the attacker in place of the KEM\\nciphertext.\\n\\nAs a workaround calling EVP_PKEY_public_check() or\\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\\nthe issue.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.\"}],\"affected\":[{\"source\":\"openssl-security@openssl.org\",\"affectedData\":[{\"vendor\":\"OpenSSL\",\"product\":\"OpenSSL\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"3.6.0\",\"lessThan\":\"3.6.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.5.0\",\"lessThan\":\"3.5.6\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.4.0\",\"lessThan\":\"3.4.5\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.3.0\",\"lessThan\":\"3.3.7\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.0.0\",\"lessThan\":\"3.0.20\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"SIMATIC CN 4100\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V5.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-08T14:32:04.700201Z\",\"id\":\"CVE-2026-31790\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.20\",\"matchCriteriaId\":\"B28A8143-89A4-4332-A1F8-A65FB5AA829F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.7\",\"matchCriteriaId\":\"CF303B21-D9BF-461D-B7B0-A3FE1D557A9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.5\",\"matchCriteriaId\":\"DCCE43D0-8F17-475D-9EE6-842F758A9905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.6\",\"matchCriteriaId\":\"F6BC0271-444D-4597-BF05-DC60034EAA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.2\",\"matchCriteriaId\":\"4A9E621D-29D8-418A-BF37-BED333C14507\"}]}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://openssl-library.org/news/secadv/20260407.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-07-01T09:35:52+00:00",
"cve": "CVE-2026-31790",
"id": "CVE-2026-31790",
"initial_release_date": "2026-04-07T00:00:00+00:00",
"product_status:fixed": "232",
"product_status:known_affected": "11",
"product_status:known_not_affected": "47",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31790.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-31790\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-08T14:32:04.700201Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-08T14:18:22.785Z\"}}], \"cna\": {\"title\": \"Incorrect Failure Handling in RSA KEM RSASVE Encapsulation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Simo Sorce (Red Hat)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Nikola Pajkovsky\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"Moderate\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.6.0\", \"lessThan\": \"3.6.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.5.0\", \"lessThan\": \"3.5.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.20\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-04-07T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20260407.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482\", \"name\": \"3.6.2 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac\", \"name\": \"3.5.6 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790\", \"name\": \"3.4.5 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406\", \"name\": \"3.3.7 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e\", \"name\": \"3.0.20 git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: Applications using RSASVE key encapsulation to establish\\na secret encryption key can send contents of an uninitialized memory buffer to\\na malicious peer.\\n\\nImpact summary: The uninitialized buffer might contain sensitive data from the\\nprevious execution of the application process which leads to sensitive data\\nleakage to an attacker.\\n\\nRSA_public_encrypt() returns the number of bytes written on success and -1\\non error. The affected code tests only whether the return value is non-zero.\\nAs a result, if RSA encryption fails, encapsulation can still return success to\\nthe caller, set the output lengths, and leave the caller to use the contents of\\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\\n\\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\\nattacker-supplied invalid RSA public key without first validating that key,\\nthen this may cause stale or uninitialized contents of the caller-provided\\nciphertext buffer to be disclosed to the attacker in place of the KEM\\nciphertext.\\n\\nAs a workaround calling EVP_PKEY_public_check() or\\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\\nthe issue.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: Applications using RSASVE key encapsulation to establish\u003cbr\u003ea secret encryption key can send contents of an uninitialized memory buffer to\u003cbr\u003ea malicious peer.\u003cbr\u003e\u003cbr\u003eImpact summary: The uninitialized buffer might contain sensitive data from the\u003cbr\u003eprevious execution of the application process which leads to sensitive data\u003cbr\u003eleakage to an attacker.\u003cbr\u003e\u003cbr\u003eRSA_public_encrypt() returns the number of bytes written on success and -1\u003cbr\u003eon error. The affected code tests only whether the return value is non-zero.\u003cbr\u003eAs a result, if RSA encryption fails, encapsulation can still return success to\u003cbr\u003ethe caller, set the output lengths, and leave the caller to use the contents of\u003cbr\u003ethe ciphertext buffer as if a valid KEM ciphertext had been produced.\u003cbr\u003e\u003cbr\u003eIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\u003cbr\u003eattacker-supplied invalid RSA public key without first validating that key,\u003cbr\u003ethen this may cause stale or uninitialized contents of the caller-provided\u003cbr\u003eciphertext buffer to be disclosed to the attacker in place of the KEM\u003cbr\u003eciphertext.\u003cbr\u003e\u003cbr\u003eAs a workaround calling EVP_PKEY_public_check() or\u003cbr\u003eEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\u003cbr\u003ethe issue.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-754\", \"description\": \"CWE-754 Improper Check for Unusual or Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2026-04-07T22:00:56.698Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-31790\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-08T14:32:37.439Z\", \"dateReserved\": \"2026-03-09T15:56:53.191Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2026-04-07T22:00:56.698Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:27201
Vulnerability from csaf_redhat - Published: 2026-06-22 15:13 - Updated: 2026-07-09 22:58A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service (DoS). The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
A flaw was found in mod_proxy_ajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP (Apache JServ Protocol) server, to send a specially crafted message. This message can cause mod_proxy_ajp to write attacker-controlled data beyond a heap-based buffer, potentially leading to arbitrary code execution or a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
A flaw was found in the mod_md module of httpd. When processing OCSP (Online Certificate Status Protocol) responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_dav_lock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the ajp_parse_data function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 3, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)\n* jbcs-httpd24-httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)\n* jbcs-httpd24-mod_http2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)\n* mod_proxy_ajp.so: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)\n* mod_proxy_ajp.so: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)\n* mod_authn_socache.so: NULL pointer dereference can cause a child process crash (CVE-2026-33007)\n* mod_proxy_ajp.so: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)\n* mod_dav_lock.so: NULL pointer dereference via specially crafted request (CVE-2026-29169)\n* jbcs-httpd24-mod_md: unrestricted OCSP response leads to resource exhaustion (CVE-2026-29168)\n* jbcs-httpd24-httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n* jbcs-httpd24-openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group (CVE-2026-2673)\n* libexpat-2.dll: denial of service via crafted XML input (CVE-2026-45186)\n* openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27201",
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_4_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_4_release_notes/index"
},
{
"category": "external",
"summary": "2379343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379343"
},
{
"category": "external",
"summary": "2447327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447327"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "2464940",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464940"
},
{
"category": "external",
"summary": "2464952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464952"
},
{
"category": "external",
"summary": "2464953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464953"
},
{
"category": "external",
"summary": "2465296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465296"
},
{
"category": "external",
"summary": "2465299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465299"
},
{
"category": "external",
"summary": "2466753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466753"
},
{
"category": "external",
"summary": "2466913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466913"
},
{
"category": "external",
"summary": "2468575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468575"
},
{
"category": "external",
"summary": "2485371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27201.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update",
"tracking": {
"current_release_date": "2026-07-09T22:58:18+00:00",
"generator": {
"date": "2026-07-09T22:58:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:27201",
"initial_release_date": "2026-06-22T15:13:13+00:00",
"revision_history": [
{
"date": "2026-06-22T15:13:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T15:13:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T22:58:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services 2.4.62.SP4",
"product": {
"name": "Red Hat JBoss Core Services 2.4.62.SP4",
"product_id": "Red Hat JBoss Core Services 2.4.62.SP4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53020",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2025-07-10T18:00:46.989628+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379343"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service (DoS). The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53020"
},
{
"category": "external",
"summary": "RHBZ#2379343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379343"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53020"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2025-07-10T16:59:06.340000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "The attack surface can be reduced by disabling HTTP/2 support in Apache.\nFollow the guidance in Red Hat KCS article to:\n- Remove h2 and h2c from the Protocols directive\n- Disable mod_http2 and mod_proxy_http2 modules (if not required)\n\nhttps://access.redhat.com/node/7056356",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase"
},
{
"cve": "CVE-2026-2673",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-13T14:01:14.098405+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447327"
}
],
"notes": [
{
"category": "description",
"text": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client\u0027s initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of this flaw is limited to the choice of key agreement groups in a specific TLS connection. While a less a preferred key agreement group may allow for a connection to lack post-quantum protection, it is important to know that the connection will still be encrypted with a secure classical cipher and that the degradation of the cipher is limited to the active connection and is not a persistent degradation. Groups which the server operator has disallowed will not be used and it may be the case that the client and server fail to agree upon a key exchange group which would prevent the offending client from constructing a TLS connection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2673"
},
{
"category": "external",
"summary": "RHBZ#2447327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f",
"url": "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34",
"url": "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260313.txt",
"url": "https://openssl-library.org/news/secadv/20260313.txt"
}
],
"release_date": "2026-03-13T13:23:00.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
},
{
"cve": "CVE-2026-28780",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-05-05T22:01:12.666022+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mod_proxy_ajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP (Apache JServ Protocol) server, to send a specially crafted message. This message can cause mod_proxy_ajp to write attacker-controlled data beyond a heap-based buffer, potentially leading to arbitrary code execution or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28780"
},
{
"category": "external",
"summary": "RHBZ#2466913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28780",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28780"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-05T21:29:41.527000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow"
},
{
"cve": "CVE-2026-29168",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-05T14:01:25.519480+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_md module of httpd. When processing OCSP (Online Certificate Status Protocol) responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_md: unrestricted OCSP response leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, the Apache HTTP Server must query an untrusted or compromised OCSP responder, limiting its exposure. Due to this reason, this vulnerability has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_md loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29168"
},
{
"category": "external",
"summary": "RHBZ#2466753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29168",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29168"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-05T13:10:05.656000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_md and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_md: unrestricted OCSP response leads to resource exhaustion"
},
{
"cve": "CVE-2026-29169",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-04T15:01:18.611919+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2465296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_dav_lock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer dereference via specially crafted request",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows an unauthenticated remote attacker to crash the server via a specially crafted request. However, the mod_dav_lock module is obsolete and rarely enabled in modern environments. The only known use-case for the module was mod_dav_svn from Apache Subversion earlier than version 1.2.0. Due to this reason, this vulnerability has been rated with a low severity.\n\nThis flaw only affects configurations with mod_dav_lock loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29169"
},
{
"category": "external",
"summary": "RHBZ#2465296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29169"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T14:48:29.832000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_dav_lock and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: NULL pointer dereference via specially crafted request"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
},
{
"cve": "CVE-2026-33007",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-04T15:01:24.989510+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2465299"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows an unauthenticated remote attacker to cause a crash in a child process. However, the main parent process remains active and functional. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_authn_socache loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33007"
},
{
"category": "external",
"summary": "RHBZ#2465299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465299"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T14:41:27.520000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_authn_socache and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash"
},
{
"cve": "CVE-2026-33857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-05-04T14:01:10.810459+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464953"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33857"
},
{
"category": "external",
"summary": "RHBZ#2464953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33857"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T13:07:30.753000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions"
},
{
"cve": "CVE-2026-34032",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-05-04T14:01:07.000400+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34032"
},
{
"category": "external",
"summary": "RHBZ#2464952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34032"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34032"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T12:54:54.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check"
},
{
"cve": "CVE-2026-34059",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2026-05-04T13:01:08.557596+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464940"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the ajp_parse_data function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34059"
},
{
"category": "external",
"summary": "RHBZ#2464940",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464940"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34059"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T12:39:42.273000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()"
},
{
"cve": "CVE-2026-45186",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2026-05-10T07:00:47.768180+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libexpat: denial of service via crafted XML input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file or input with an application linked to the libexpat library. Also, the only security impact of this flaw is a high consumption of CPU resources that can eventually cause a denial of service. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45186"
},
{
"category": "external",
"summary": "RHBZ#2468575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45186"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1216",
"url": "https://github.com/libexpat/libexpat/pull/1216"
}
],
"release_date": "2026-05-10T06:36:16.927000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the maximum size of incoming XML payloads. It is especially critical to limit the decompressed size if the application accepts compressed XML files. Also, consider running the application inside a container or a restricted environment to ensure that the high consumption of CPU resources does not affect the host system.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libexpat: denial of service via crafted XML input"
},
{
"cve": "CVE-2026-49975",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-06-05T06:04:44.009000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2485371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Apache\u0027s `httpd` HTTP/2 protocol implementation has a denial-of-service (DoS) vulnerability that is rated as Important. An unauthenticated remote attacker can exploit this flaw by combining HPACK compression with flow control manipulation, leading to significant server memory exhaustion and rendering the service inaccessible. This vulnerability exists in default HTTP/2 configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-49975"
},
{
"category": "external",
"summary": "RHBZ#2485371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
},
{
"category": "external",
"summary": "RHSB-2026-007",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-49975"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-49975",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49975"
},
{
"category": "external",
"summary": "https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb",
"url": "https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb"
}
],
"release_date": "2026-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack"
}
]
}
RHSA-2026:27744
Vulnerability from csaf_redhat - Published: 2026-06-22 04:56 - Updated: 2026-07-01 09:36A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification.\n\nSecurity Fix(es):\n\n* openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27744",
"url": "https://access.redhat.com/errata/RHSA-2026:27744"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27744.json"
}
],
"title": "Red Hat Security Advisory: openssl-fips-provider security update",
"tracking": {
"current_release_date": "2026-07-01T09:36:32+00:00",
"generator": {
"date": "2026-07-01T09:36:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:27744",
"initial_release_date": "2026-06-22T04:56:16+00:00",
"revision_history": [
{
"date": "2026-06-22T04:56:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T04:56:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T09:36:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.src",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.src",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.aarch64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.aarch64",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.i686",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.i686",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.i686",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.i686",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el9_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.x86_64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.x86_64",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.s390x",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.s390x",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.aarch64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_8.aarch64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.i686"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_8.i686",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.s390x"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_8.s390x",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.src"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_8.src",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.x86_64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_8.x86_64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.i686"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_8.i686",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T04:56:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27744"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.i686",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:openssl-fips-provider-so-debugsource-0:3.0.7-11.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
}
]
}
RHSA-2026:27745
Vulnerability from csaf_redhat - Published: 2026-06-22 03:57 - Updated: 2026-07-01 09:36A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification.\n\nSecurity Fix(es):\n\n* openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27745",
"url": "https://access.redhat.com/errata/RHSA-2026:27745"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27745.json"
}
],
"title": "Red Hat Security Advisory: openssl-fips-provider security update",
"tracking": {
"current_release_date": "2026-07-01T09:36:33+00:00",
"generator": {
"date": "2026-07-01T09:36:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:27745",
"initial_release_date": "2026-06-22T03:57:01+00:00",
"revision_history": [
{
"date": "2026-06-22T03:57:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T03:57:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T09:36:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.src",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.src",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.aarch64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.aarch64",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.s390x",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.s390x",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.x86_64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.x86_64",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.aarch64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.s390x"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.src"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_0.src",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.x86_64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.src",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T03:57:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.src",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27745"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.src",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.src",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_0.x86_64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.aarch64",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.ppc64le",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.s390x",
"BaseOS-10.0.Z.E2S:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
}
]
}
RHSA-2026:27746
Vulnerability from csaf_redhat - Published: 2026-06-22 04:37 - Updated: 2026-07-01 09:36A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification.\n\nSecurity Fix(es):\n\n* openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27746",
"url": "https://access.redhat.com/errata/RHSA-2026:27746"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27746.json"
}
],
"title": "Red Hat Security Advisory: openssl-fips-provider security update",
"tracking": {
"current_release_date": "2026-07-01T09:36:34+00:00",
"generator": {
"date": "2026-07-01T09:36:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:27746",
"initial_release_date": "2026-06-22T04:37:41+00:00",
"revision_history": [
{
"date": "2026-06-22T04:37:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T04:37:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T09:36:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.src",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.src",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.aarch64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.aarch64",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el10_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el10_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.s390x",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.s390x",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el10_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.x86_64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.x86_64",
"product_id": "openssl-fips-provider-0:3.0.7-11.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-11.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el10_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.aarch64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_2.aarch64",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.s390x"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_2.s390x",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.src"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_2.src",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el10_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.x86_64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el10_2.x86_64",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x",
"relates_to_product_reference": "BaseOS-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64",
"relates_to_product_reference": "BaseOS-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.src",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T04:37:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.src",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27746"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.src",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.src",
"BaseOS-10.2.Z:openssl-fips-provider-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el10_2.x86_64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.aarch64",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.ppc64le",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.s390x",
"BaseOS-10.2.Z:openssl-fips-provider-so-debugsource-0:3.0.7-11.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
}
]
}
RHSA-2026:27998
Vulnerability from csaf_redhat - Published: 2026-06-22 15:31 - Updated: 2026-07-09 18:00A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64 | — |
Workaround
|
A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64 | — |
Workaround
|
A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64 | — |
Workaround
|
A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64 | — |
Workaround
|
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64 | — |
Workaround
|
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64 | — |
Workaround
|
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Cost Management Metrics Operator version 4.4.1 release.",
"title": "Topic"
},
{
"category": "general",
"text": "The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift.\nThe operator runs on the latest supported versions of Openshift.\nThis operator obtains OpenShift usage data by querying Prometheus every hour to create metric reports\nthat it uploads to Cost Management at console.redhat.com.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27998",
"url": "https://access.redhat.com/errata/RHSA-2026:27998"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2100",
"url": "https://access.redhat.com/security/cve/CVE-2026-2100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28390",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4046",
"url": "https://access.redhat.com/security/cve/CVE-2026-4046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4437",
"url": "https://access.redhat.com/security/cve/CVE-2026-4437"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4438",
"url": "https://access.redhat.com/security/cve/CVE-2026-4438"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4878",
"url": "https://access.redhat.com/security/cve/CVE-2026-4878"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/cost_management_service/1-latest/html/getting_started_with_cost_management/steps-to-cost-management",
"url": "https://docs.redhat.com/en/documentation/cost_management_service/1-latest/html/getting_started_with_cost_management/steps-to-cost-management"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27998.json"
}
],
"title": "Red Hat Security Advisory: Cost Management Metrics Operator Update",
"tracking": {
"current_release_date": "2026-07-09T18:00:42+00:00",
"generator": {
"date": "2026-07-09T18:00:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:27998",
"initial_release_date": "2026-06-22T15:31:52+00:00",
"revision_history": [
{
"date": "2026-06-22T15:31:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T15:31:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T18:00:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cost Management 4",
"product": {
"name": "Cost Management 4",
"product_id": "Cost Management 4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cost_management:4::el9"
}
}
}
],
"category": "product_family",
"name": "Cost Management"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"product": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel9-operator@sha256%3A92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator\u0026tag=1780946239"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"product": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-operator-bundle@sha256%3Ac2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle\u0026tag=1780989656"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"product": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel9-operator@sha256%3A62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc?arch=arm64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator\u0026tag=1780946239"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le",
"product": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le",
"product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel9-operator@sha256%3Ae694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335?arch=ppc64le\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator\u0026tag=1780946239"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"product": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"product_id": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel9-operator@sha256%3A40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275?arch=s390x\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator\u0026tag=1780946239"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64 as a component of Cost Management 4",
"product_id": "Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
},
"product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"relates_to_product_reference": "Cost Management 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x as a component of Cost Management 4",
"product_id": "Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x"
},
"product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"relates_to_product_reference": "Cost Management 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64 as a component of Cost Management 4",
"product_id": "Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64"
},
"product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"relates_to_product_reference": "Cost Management 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64 as a component of Cost Management 4",
"product_id": "Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64"
},
"product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"relates_to_product_reference": "Cost Management 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le as a component of Cost Management 4",
"product_id": "Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
},
"product_reference": "registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le",
"relates_to_product_reference": "Cost Management 4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Zoltan Fridrich"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-2100",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-02-06T12:02:49.002000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437308"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact flaw in p11-kit allows a remote attacker to cause an application level denial of service or unpredictable system states. Exploitation occurs when the C_DeriveKey function is called on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This affects Red Hat Enterprise Linux 9.8 and 10.2, Fedora 42 and 43, and Red Hat In-Vehicle OS 2.0. Other Red Hat products, including OpenShift Container Platform and various RHEL versions, are not affected as the vulnerable code is not present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"known_not_affected": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2100"
},
{
"category": "external",
"summary": "RHBZ#2437308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437308"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100"
},
{
"category": "external",
"summary": "https://github.com/p11-glue/p11-kit/pull/740",
"url": "https://github.com/p11-glue/p11-kit/pull/740"
},
{
"category": "external",
"summary": "https://github.com/p11-glue/p11-kit/releases/tag/0.26.2",
"url": "https://github.com/p11-glue/p11-kit/releases/tag/0.26.2"
}
],
"release_date": "2026-02-06T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:31:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/operators/admin/olm-upgrading-operators.html",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27998"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters"
},
{
"cve": "CVE-2026-4046",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-30T18:01:19.326391+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453117"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Denial of Service via iconv() function with specific character sets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability impact posed by this flaw is limited on Red Hat systems. The affected iconv() function has been separated out into a an independent package (`glibc-gconv-extra`) and is not used in system critical software. Some applications do rely on this package and may be affected, but they are either interactive applications or are configured to restart in the event of a crash.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"known_not_affected": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4046"
},
{
"category": "external",
"summary": "RHBZ#2453117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453117"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046"
},
{
"category": "external",
"summary": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/",
"url": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980"
},
{
"category": "external",
"summary": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD",
"url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
}
],
"release_date": "2026-03-30T17:16:11.021000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:31:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/operators/admin/olm-upgrading-operators.html",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27998"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Denial of Service via iconv() function with specific character sets"
},
{
"cve": "CVE-2026-4437",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-20T21:01:45.993907+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact flaw in glibc allows a remote attacker to send a specially crafted DNS response when an application uses `gethostbyaddr` or `gethostbyaddr_r` with glibc\u0027s DNS backend configured in `nsswitch.conf`. This can lead to incorrect interpretation of DNS responses. Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as OpenShift Container Platform, are affected if applications are configured to use the vulnerable DNS backend.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"known_not_affected": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4437"
},
{
"category": "external",
"summary": "RHBZ#2449777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
}
],
"release_date": "2026-03-20T19:59:00.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:31:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/operators/admin/olm-upgrading-operators.html",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27998"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response"
},
{
"cve": "CVE-2026-4438",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2026-03-20T21:02:16.458842+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449783"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a LOW impact flaw where glibc\u0027s `gethostbyaddr` and `gethostbyaddr_r` functions may return an invalid DNS hostname. This occurs when applications use a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend. This could lead to applications receiving incorrect hostname information, potentially affecting network operations or security decisions on Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"known_not_affected": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4438"
},
{
"category": "external",
"summary": "RHBZ#2449783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
}
],
"release_date": "2026-03-20T19:59:06.064000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:31:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/operators/admin/olm-upgrading-operators.html",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27998"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions"
},
{
"acknowledgments": [
{
"names": [
"Ali Raza"
]
}
],
"cve": "CVE-2026-4878",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-26T06:56:21.213270+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. A Time-of-Check-to-Time-of-Use (TOCTOU) race condition in libcap\u0027s cap_set_file() allows a local unprivileged user to escalate privileges. An attacker with write access to a parent directory can exploit a narrow window during file capability updates to redirect capabilities to an attacker-controlled file. This can lead to the injection of elevated privileges into an unintended executable when privileged processes, such as setcap or container tooling, invoke cap_set_file() on attacker-influenced paths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"known_not_affected": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4878"
},
{
"category": "external",
"summary": "RHBZ#2451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878"
},
{
"category": "external",
"summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554"
}
],
"release_date": "2026-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:31:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/operators/admin/olm-upgrading-operators.html",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27998"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()"
},
{
"cve": "CVE-2026-28390",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-04-07T23:01:18.313921+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456314"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been rated as moderate by redhat because the vulnerability is limited to a denial-of-service condition caused by a NULL pointer dereference in OpenSSL CMS processing, without evidence of memory corruption or code execution, furthermore the Affected functionality is niche. The vulnerable path requires:\nCMS/S/MIME processing,\nspecifically CMS_decrypt(),\nwith RSA-OAEP KeyTransportRecipientInfo.\nMany OpenSSL consumers never use CMS APIs, never process S/MIME,\nor do not decrypt attacker-controlled CMS objects.\nSo exposure is far narrower than a generic TLS parsing vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"known_not_affected": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "RHBZ#2456314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456314"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
"url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
"url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
"url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
"url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
"url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T22:00:54.172000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:31:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/operators/admin/olm-upgrading-operators.html",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27998"
},
{
"category": "workaround",
"details": "Applications that process Cryptographic Message Syntax (CMS) EnvelopedData messages should be configured to only accept input from trusted sources. Restricting network access to services that process untrusted CMS data can also reduce exposure to this Denial of Service vulnerability.",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"known_not_affected": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:31:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/operators/admin/olm-upgrading-operators.html",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27998"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle@sha256:c2c4a771905d23d7c0aad05672e5d8491c744ccb7f7192ef31e2b93f82a1f3b4_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:40f9729022eb27cefd14f7d0e0d869b936e5862cb079009de45cf7b3626a4275_s390x",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:62c2477e0d9ceb1998eb0d1b496ee6e46b83433ff901909aa749d6dacfaf23cc_arm64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:92da8c11452f7ae0f24e70d453f03d31e7a10ac1276c5bdc63539952d2c87b23_amd64",
"Cost Management 4:registry.redhat.io/costmanagement/costmanagement-metrics-rhel9-operator@sha256:e694c9b65667f1989df1a4c7028defd9b42f099046d55807bfef3d766ba65335_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
}
]
}
RHSA-2026:28211
Vulnerability from csaf_redhat - Published: 2026-06-23 12:41 - Updated: 2026-07-01 09:36A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-fips-provider-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-fips-provider-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-fips-provider-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nopenssl-fips-provider:\n * openssl-fips-provider-3.0.7-1.2.hum1 (aarch64, x86_64)\n * openssl-fips-provider-so-3.0.7-1.2.hum1 (aarch64, x86_64)\n * openssl-fips-provider-3.0.7-1.2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28211",
"url": "https://access.redhat.com/errata/RHSA-2026:28211"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28211.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-01T09:36:38+00:00",
"generator": {
"date": "2026-07-01T09:36:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:28211",
"initial_release_date": "2026-06-23T12:41:30+00:00",
"revision_history": [
{
"date": "2026-06-23T12:41:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-23T13:04:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T09:36:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-main@aarch64",
"product": {
"name": "openssl-fips-provider-main@aarch64",
"product_id": "openssl-fips-provider-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-1.2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-main@src",
"product": {
"name": "openssl-fips-provider-main@src",
"product_id": "openssl-fips-provider-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-1.2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-main@x86_64",
"product": {
"name": "openssl-fips-provider-main@x86_64",
"product_id": "openssl-fips-provider-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-1.2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:openssl-fips-provider-main@aarch64"
},
"product_reference": "openssl-fips-provider-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:openssl-fips-provider-main@src"
},
"product_reference": "openssl-fips-provider-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:openssl-fips-provider-main@x86_64"
},
"product_reference": "openssl-fips-provider-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-fips-provider-main@aarch64",
"Red Hat Hardened Images:openssl-fips-provider-main@src",
"Red Hat Hardened Images:openssl-fips-provider-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T12:41:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-fips-provider-main@aarch64",
"Red Hat Hardened Images:openssl-fips-provider-main@src",
"Red Hat Hardened Images:openssl-fips-provider-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-fips-provider-main@aarch64",
"Red Hat Hardened Images:openssl-fips-provider-main@src",
"Red Hat Hardened Images:openssl-fips-provider-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-fips-provider-main@aarch64",
"Red Hat Hardened Images:openssl-fips-provider-main@src",
"Red Hat Hardened Images:openssl-fips-provider-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
}
]
}
RHSA-2026:28832
Vulnerability from csaf_redhat - Published: 2026-06-24 07:54 - Updated: 2026-07-01 09:36A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.4 Extended Update Support, and Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification.\n\nSecurity Fix(es):\n\n* openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28832",
"url": "https://access.redhat.com/errata/RHSA-2026:28832"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28832.json"
}
],
"title": "Red Hat Security Advisory: openssl-fips-provider security update",
"tracking": {
"current_release_date": "2026-07-01T09:36:44+00:00",
"generator": {
"date": "2026-07-01T09:36:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:28832",
"initial_release_date": "2026-06-24T07:54:07+00:00",
"revision_history": [
{
"date": "2026-06-24T07:54:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T23:12:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T09:36:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"product": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"product_id": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-debugsource@3.0.7-11.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.src",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.src",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"product": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"product_id": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-debugsource@3.0.7-11.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"product": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"product_id": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-debugsource@3.0.7-11.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"product": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"product_id": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-debugsource@3.0.7-11.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_0?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"product_id": "openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-11.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"product_id": "openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-11.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"product": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"product_id": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-debugsource@3.0.7-11.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-11.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.src"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T07:54:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28832"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.2.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.4.0.Z.E4S:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.src",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-debugsource-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-0:3.0.7-11.el9_0.x86_64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.aarch64",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.i686",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.ppc64le",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.s390x",
"BaseOS-9.6.0.Z.EUS:openssl-fips-provider-so-debuginfo-0:3.0.7-11.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
}
]
}
RHSA-2026:33313
Vulnerability from csaf_redhat - Published: 2026-06-29 22:05 - Updated: 2026-07-10 16:14A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Workaround
|
A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an unauthenticated attacker can send crafted HTTP requests and cause a heap-based buffer overflow in the worker process, potentially allowing code execution or a denial of service by forcing the process to restart.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33313",
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34459",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-10911",
"url": "https://access.redhat.com/security/cve/CVE-2025-10911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13151",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5278",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-71319",
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33416",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33636",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41411",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-8643",
"url": "https://access.redhat.com/security/cve/CVE-2026-8643"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9256",
"url": "https://access.redhat.com/security/cve/CVE-2026-9256"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33313.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-07-10T16:14:53+00:00",
"generator": {
"date": "2026-07-10T16:14:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:33313",
"initial_release_date": "2026-06-29T22:05:31+00:00",
"revision_history": [
{
"date": "2026-06-29T22:05:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T22:05:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:14:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1782763840"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Ae9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1782756541"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1782763840"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1782756541"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34459",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2024-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects the xmllint program when the `--htmlout\u0027 command line option is used. Additionally, an application is not vulnerable if it does not use or expose the xmllint program.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "RHBZ#2280532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the xmllint program.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c"
},
{
"acknowledgments": [
{
"names": [
"Mohamed Maatallah"
]
}
],
"cve": "CVE-2025-5278",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-05-27T13:50:20.148000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368764"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GNU Coreutils. The sort utility\u0027s begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is considered Moderate rather than Critical because successful exploitation requires the use of the traditional key specification syntax with an exceptionally large character position value, which is uncommon in typical usage. Although the vulnerability can lead to a heap buffer overflow resulting in a read one byte before the allocated buffer, it does not enable code execution, privilege escalation, or direct compromise of data confidentiality or integrity. The impact is therefore primarily limited to potential service disruption due to application crashes.\n\nFurthermore, default RHEL configurations such as SELinux enforcement, ASLR, and memory protections reduce the likelihood of exploitation and limit the scope of any resulting impact. These safeguards, along with typical system usage patterns that do not commonly invoke the vulnerable code path, restrict exploitability in default and hardened environments. Consequently, the vulnerability\u2019s overall security impact is mitigated compared to flaws that allow immediate code execution or broader compromise across system components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "RHBZ#2368764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633",
"url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
},
{
"category": "external",
"summary": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507",
"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507"
}
],
"release_date": "2025-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification"
},
{
"cve": "CVE-2025-10911",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-09-24T12:46:50.095000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: use-after-free with key data stored cross-RVT",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-10911"
},
{
"category": "external",
"summary": "RHBZ#2397838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-10911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10911"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77"
}
],
"release_date": "2025-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: use-after-free with key data stored cross-RVT"
},
{
"cve": "CVE-2025-13151",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-07T22:01:02.206250+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A stack-based buffer overflow in the `libtasn1` library, specifically within the `asn1_expend_octet_string` function, can be triggered by failing to validate input data size. This could allow a remote, unauthenticated attacker to cause a denial of service in applications utilizing `libtasn1`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "RHBZ#2427698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1",
"url": "https://gitlab.com/gnutls/libtasn1"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
"url": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"
}
],
"release_date": "2026-01-07T21:14:05.223000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string"
},
{
"cve": "CVE-2025-71319",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-06-09T21:01:11.339286+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `image-size` component, which can be triggered remotely by processing specially crafted JXL, HEIF, or JP2 image files containing zero-sized boxes. This flaw can lead to an application hang due to an infinite loop in the `findBox` function, impacting the availability of services that rely on this image processing library within Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"category": "external",
"summary": "RHBZ#2487296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-71319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-71319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71319"
},
{
"category": "external",
"summary": "https://github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7",
"url": "https://github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-findbox-function",
"url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-findbox-function"
}
],
"release_date": "2026-06-09T19:57:16.125000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images."
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-8643",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-04-22T23:09:35+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in pip\u0027s wheel installation process allows for arbitrary file overwrite due to path traversal. An attacker could exploit this by convincing a user to install a specially crafted malicious Python wheel. While file overwrites are limited to the installing user\u0027s permissions, using `pip install` with elevated privileges in Red Hat environments significantly increases the potential impact, potentially leading to system integrity compromise or arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-8643"
},
{
"category": "external",
"summary": "RHBZ#2460927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-8643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-8643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8643"
},
{
"category": "external",
"summary": "https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb",
"url": "https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb"
}
],
"release_date": "2026-05-27T17:03:36.585000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid installing Python wheels from untrusted sources. It is strongly advised against using `pip install` with elevated privileges, such as `sudo`, when installing wheels. Additionally, administrators should inspect `entry_points.txt` within wheels for path separators or absolute paths before installation.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite"
},
{
"cve": "CVE-2026-9256",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2026-05-22T15:00:55.131994+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480746"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an unauthenticated attacker can send crafted HTTP requests and cause a heap-based buffer overflow in the worker process, potentially allowing code execution or a denial of service by forcing the process to restart.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: ngx_http_rewrite_module: code execution and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, a rewrite directive must be configured with a regex pattern that uses distinct, overlapping PCRE captures and a replacement string referencing multiple such captures, limiting its exposure as this is not the default configuration. This issue allows an attacker to potentially execute arbitrary code or cause a denial of service by forcing the worker process to restart.\n\nDefault Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability.\n\nDue to these reasons, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9256"
},
{
"category": "external",
"summary": "RHBZ#2480746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480746"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9256"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9256",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9256"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000161377",
"url": "https://my.f5.com/manage/s/article/K000161377"
}
],
"release_date": "2026-05-22T14:11:41.877000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, use named captures instead of unnamed captures in rewrite definitions.\n\nFor example, the following rewrite directive uses unnamed PCRE capture groups, $1 and $2:\n\n~~~\nrewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1\u0026tab=$2 last;\n~~~\n\nTo mitigate this vulnerability for this example, replace $1 and $2 with the appropriate named captures, $user_id and $section:\n\n~~~\nrewrite ^/users/(?\u003cuser_id\u003e[0-9]+)/profile/(?\u003csection\u003e.*)$ /profile.php?id=$user_id\u0026tab=$section last;\n~~~",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nginx: ngx_http_rewrite_module: code execution and denial of service"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
},
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-33636",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-03-26T18:02:51.339603+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "RHBZ#2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
}
],
"release_date": "2026-03-26T16:51:58.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion"
},
{
"cve": "CVE-2026-41411",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-24T18:01:49.275019+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461614"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "RHBZ#2461614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41411",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb",
"url": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0357",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0357"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8",
"url": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8"
}
],
"release_date": "2026-04-24T16:51:39.657000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue involves exercising caution when opening or processing tag files from untrusted sources. Users should avoid loading tag files from unknown or suspicious origins to prevent the execution of arbitrary commands.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files"
},
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:34102
Vulnerability from csaf_redhat - Published: 2026-07-01 08:17 - Updated: 2026-07-09 18:01A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A signed integer overflow vulnerability exists when sizing the destination buffer for Unicode output. This can lead to a heap buffer overflow, which may result in a crash or potentially allow an attacker to execute arbitrary code. Exploitation requires an application to directly call specific functions with a large amount of attacker-controlled input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax (CMS) data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key (KEK) cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leading to a Denial of Service (DoS). This vulnerability does not require password knowledge and can be exploited before authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. An integer truncation vulnerability in the ASN.1 decoder can occur when processing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes. A remote attacker could exploit this to cause a heap buffer over-read. This may lead to an application crash, resulting in a Denial of Service (DoS), or potentially disclose sensitive information by loading memory contents beyond the input buffer. This issue primarily affects 64-bit Unix and Unix-like platforms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS#12 (Public-Key Cryptography Standards #12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting attacker-controlled certificates and private keys with a 1 in 256 probability, potentially enabling impersonation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL's Cryptographic Message Services (CMS) AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity validation. Consequently, an attacker may achieve key-equivalent functionality for a given CMS recipient.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL's QUIC PATH_CHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATH_CHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates PATH_RESPONSE frames without them being acknowledged. The primary consequence is a Denial of Service (DoS), causing the affected application to terminate abnormally due to memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or further system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the OpenSSL QUIC (Quick UDP Internet Connections) server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server's address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server process to terminate abnormally and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax (CMS) decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional, is dereferenced without proper validation. Successful exploitation leads to an application crash, resulting in a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol (CMP) server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format (CRMF) CertRepMessage with a specific malformed EncryptedValue structure, would trigger a NULL pointer dereference in the OpenSSL CMP client. This vulnerability leads to a crash of the application, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL's CMS_decrypt() and PKCS7_decrypt() functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME messages and observe the application's error codes or decryption output. While the attack is technically possible, the specific conditions required make it unlikely to be exploited in typical deployments.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability allows the attacker to replace the root CA certificate for CMP clients with a fraudulent one. The primary consequence is an escalation of privileges, enabling the attacker to gain control equivalent to the root CA.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX (X9.42) peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This information disclosure can lead to unauthorized access or further compromise of affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface (EVP_Cipher()) will have their provided Initialization Vector (IV) silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the confidentiality of encrypted data. Additionally, this issue allows for the universal forgery of authentication tags, undermining the integrity of communications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. The implementations of AES-SIV (Advanced Encryption Standard - SIV) and AES-GCM-SIV (Advanced Encryption Standard - Galois/Counter Mode - SIV) incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages with arbitrary Additional Authenticated Data (AAD) in applications that utilize these specific cipher modes within custom protocols and do not properly handle zero-length ciphertexts. This could lead to unauthorized data manipulation.
CWE-347 - Improper Verification of Cryptographic Signature| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When processing a specially crafted PKCS#7 or S/MIME (Secure/Multipurpose Internet Mail Extensions) signed message, a heap use-after-free vulnerability in the PKCS7_verify() function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, leading to incorrect memory deallocation. A remote attacker could exploit this to cause application crashes, memory corruption, or potentially achieve remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM\nand serves as an intermediary between cystomer systems in disconnected networks,\nair-gapped systems or systems with no outside connections and Insights.\n\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing\na layer of privary and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:34102",
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34459",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13151",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5278",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34180",
"url": "https://access.redhat.com/security/cve/CVE-2026-34180"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34181",
"url": "https://access.redhat.com/security/cve/CVE-2026-34181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34182",
"url": "https://access.redhat.com/security/cve/CVE-2026-34182"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34183",
"url": "https://access.redhat.com/security/cve/CVE-2026-34183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-35177",
"url": "https://access.redhat.com/security/cve/CVE-2026-35177"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41411",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42764",
"url": "https://access.redhat.com/security/cve/CVE-2026-42764"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42766",
"url": "https://access.redhat.com/security/cve/CVE-2026-42766"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42767",
"url": "https://access.redhat.com/security/cve/CVE-2026-42767"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42768",
"url": "https://access.redhat.com/security/cve/CVE-2026-42768"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42769",
"url": "https://access.redhat.com/security/cve/CVE-2026-42769"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42770",
"url": "https://access.redhat.com/security/cve/CVE-2026-42770"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45445",
"url": "https://access.redhat.com/security/cve/CVE-2026-45445"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45446",
"url": "https://access.redhat.com/security/cve/CVE-2026-45446"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45447",
"url": "https://access.redhat.com/security/cve/CVE-2026-45447"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-5450",
"url": "https://access.redhat.com/security/cve/CVE-2026-5450"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-7383",
"url": "https://access.redhat.com/security/cve/CVE-2026-7383"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9076",
"url": "https://access.redhat.com/security/cve/CVE-2026-9076"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34102.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2026-07-09T18:01:05+00:00",
"generator": {
"date": "2026-07-09T18:01:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:34102",
"initial_release_date": "2026-07-01T08:17:36+00:00",
"revision_history": [
{
"date": "2026-07-01T08:17:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-01T08:17:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T18:01:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3Aab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy/insights-proxy-container-rhel9\u0026tag=1782890503"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3Ad819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy/insights-proxy-container-rhel9\u0026tag=1782890503"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34459",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2024-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects the xmllint program when the `--htmlout\u0027 command line option is used. Additionally, an application is not vulnerable if it does not use or expose the xmllint program.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "RHBZ#2280532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the xmllint program.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c"
},
{
"acknowledgments": [
{
"names": [
"Mohamed Maatallah"
]
}
],
"cve": "CVE-2025-5278",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-05-27T13:50:20.148000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368764"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GNU Coreutils. The sort utility\u0027s begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is considered Moderate rather than Critical because successful exploitation requires the use of the traditional key specification syntax with an exceptionally large character position value, which is uncommon in typical usage. Although the vulnerability can lead to a heap buffer overflow resulting in a read one byte before the allocated buffer, it does not enable code execution, privilege escalation, or direct compromise of data confidentiality or integrity. The impact is therefore primarily limited to potential service disruption due to application crashes.\n\nFurthermore, default RHEL configurations such as SELinux enforcement, ASLR, and memory protections reduce the likelihood of exploitation and limit the scope of any resulting impact. These safeguards, along with typical system usage patterns that do not commonly invoke the vulnerable code path, restrict exploitability in default and hardened environments. Consequently, the vulnerability\u2019s overall security impact is mitigated compared to flaws that allow immediate code execution or broader compromise across system components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "RHBZ#2368764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633",
"url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
},
{
"category": "external",
"summary": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507",
"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507"
}
],
"release_date": "2025-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification"
},
{
"cve": "CVE-2025-13151",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-07T22:01:02.206250+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A stack-based buffer overflow in the `libtasn1` library, specifically within the `asn1_expend_octet_string` function, can be triggered by failing to validate input data size. This could allow a remote, unauthenticated attacker to cause a denial of service in applications utilizing `libtasn1`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "RHBZ#2427698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1",
"url": "https://gitlab.com/gnutls/libtasn1"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
"url": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"
}
],
"release_date": "2026-01-07T21:14:05.223000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string"
},
{
"cve": "CVE-2026-5450",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-20T21:01:35.403778+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2459853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Because this flaw requires that an affected application call the affected functions with an attacker-supplied value, Red Hat assesses the Attack Complexity of this flaw as High. Additionally, the flaw overflows a single byte onto the heap, so meaningful exploitation requires that the heap is structured such that a single byte can lead to an attacker-controlled outcome, or that the affected functions can be invoked with an attacker-controlled buffer base address. Regarding Attack Vector and Privileges Required, Red Hat assesses these elements as Local and Low respectively, as remote unauthenticated exploitation would require all the conditions above in a library client that listened on a network port and processed attacker-controllable data with the affected library functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5450"
},
{
"category": "external",
"summary": "RHBZ#2459853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5450",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450"
},
{
"category": "external",
"summary": "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
"url": "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
}
],
"release_date": "2026-04-20T20:55:41.170000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width"
},
{
"cve": "CVE-2026-7383",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-27T13:08:15.013000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481879"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A signed integer overflow vulnerability exists when sizing the destination buffer for Unicode output. This can lead to a heap buffer overflow, which may result in a crash or potentially allow an attacker to execute arbitrary code. Exploitation requires an application to directly call specific functions with a large amount of attacker-controlled input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low impact. This flaw in OpenSSL\u0027s ASN1_mbstring_ncopy() function, leading to a heap buffer overflow, is difficult to exploit in typical Red Hat environments. Exploitation requires an application to directly call the vulnerable function with an extremely large, attacker-controlled input (over half a gigabyte), a scenario not present in standard OpenSSL certificate or network protocol handling.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-7383"
},
{
"category": "external",
"summary": "RHBZ#2481879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481879"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-7383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-7383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7383"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing"
},
{
"cve": "CVE-2026-9076",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-05-27T13:10:14.368000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax (CMS) data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key (KEK) cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leading to a Denial of Service (DoS). This vulnerability does not require password knowledge and can be exploited before authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Low impact denial of service due to a heap out-of-bounds read in `kek_unwrap_key()` when processing attacker-supplied CMS data with an attacker-chosen stream-mode KEK cipher. This flaw requires specific memory conditions (input buffer ending at a page boundary with an unmapped following page) to trigger a crash, which is uncommon in typical Red Hat environments. No information disclosure is possible, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9076"
},
{
"category": "external",
"summary": "RHBZ#2481880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9076"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
},
{
"cve": "CVE-2026-34180",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-27T13:10:51.985000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481881"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. An integer truncation vulnerability in the ASN.1 decoder can occur when processing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes. A remote attacker could exploit this to cause a heap buffer over-read. This may lead to an application crash, resulting in a Denial of Service (DoS), or potentially disclose sensitive information by loading memory contents beyond the input buffer. This issue primarily affects 64-bit Unix and Unix-like platforms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact vulnerability in OpenSSL\u0027s ASN.1 decoder affects 64-bit Unix-like platforms, where processing a crafted DER-encoded ASN.1 structure exceeding 2 gigabytes can lead to a heap buffer over-read. This may result in application crashes (Denial of Service) or unintended memory exposure. Red Hat products are only affected if they process untrusted, excessively large ASN.1 input using OpenSSL\u0027s d2i_* decoding functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34180"
},
{
"category": "external",
"summary": "RHBZ#2481881",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481881"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34180"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure."
},
{
"cve": "CVE-2026-34181",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481882"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS#12 (Public-Key Cryptography Standards #12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting attacker-controlled certificates and private keys with a 1 in 256 probability, potentially enabling impersonation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: This flaw allows an attacker to forge PKCS#12 files with a 1 in 256 probability, leading to the acceptance of attacker-controlled certificates and private keys by services configured to use PBMAC1 authentication. Red Hat products utilizing OpenSSL versions 3.0, 1.1.1, or 1.0.2 are not affected, as these versions do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34181"
},
{
"category": "external",
"summary": "RHBZ#2481882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34181",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34181"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict validation on all uploaded PKCS#12 files to reject those containing abnormally short security keys. Additionally, enabling FIPS mode on your system can help protect your environment, as the vulnerable OpenSSL code operates entirely outside the approved FIPS cryptographic boundary.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys"
},
{
"cve": "CVE-2026-34182",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-05-27T13:59:43+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL\u0027s Cryptographic Message Services (CMS) AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity validation. Consequently, an attacker may achieve key-equivalent functionality for a given CMS recipient.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: This flaw in OpenSSL\u0027s Cryptographic Message Services (CMS) AuthEnvelopedData processing could allow an on-path attacker to forge messages or bypass integrity validation. This is due to insufficient input validation on cipher and tag length fields, potentially leading to key-equivalent functionality or integrity bypass in applications utilizing affected OpenSSL versions for CMS AuthEnvelopedData.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34182"
},
{
"category": "external",
"summary": "RHBZ#2481884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34182"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Systems configured to operate in FIPS mode are not affected by this vulnerability. To mitigate this issue, ensure that OpenSSL is operating in FIPS mode by enabling the system-wide FIPS policy. This may have broader implications for cryptographic operations on the system and should be evaluated for compatibility with existing applications. A system reboot may be required for the changes to take effect.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages"
},
{
"cve": "CVE-2026-34183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-27T14:04:59+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481885"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL\u0027s QUIC PATH_CHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATH_CHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates PATH_RESPONSE frames without them being acknowledged. The primary consequence is a Denial of Service (DoS), causing the affected application to terminate abnormally due to memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Moderate severity flaw exists in the QUIC PATH_CHALLENGE handler, allowing a remote attacker to exhaust heap memory of a QUIC client or server. By flooding the local QUIC stack with PATH_CHALLENGE frames, a malicious peer can trigger unbounded memory allocation, leading to a denial of service for applications utilizing the vulnerable QUIC implementation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34183"
},
{
"category": "external",
"summary": "RHBZ#2481885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481885"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34183",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34183"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, apply UDP rate limiting at your network edge to throttle malicious traffic. If QUIC is not strictly required, disable the listener entirely and configure your application to use standard TLS over TCP. Additionally, enforce strict process memory limits using cgroups to prevent host-wide memory exhaustion during an attack.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler"
},
{
"cve": "CVE-2026-35177",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-04-06T19:01:00.182513+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim\u0027s zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or further system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There\u0027s a flaw in `zip.vim` plugin in Vim, allowing a local attacker to overwrite arbitrary files. A user must be tricked into opening a specially crafted zip archive for exploitation, potentially compromising data integrity or the system. When successfully exploited this vulnerability enables the attacker to overwrite arbitrary files or inject code in sensitive system\u0027s location, the impact of the exploitation depends on the privileges which the `vim` process is being executed. Sensitive or privileges files are only susceptible to be overwritten only if the `vim` process is being executed by a high privileged user.\n\nRed Hat Product Security team has rated this vulnerability as having a impact of MODERATE, this decision was made by the fact the user needs to be tricked to open a maliciously crafted file in order to a successful attack to be performed. Additionally the impact will be limited to files which the user running the `vim` process has write permissions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-35177"
},
{
"category": "external",
"summary": "RHBZ#2455542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-35177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-35177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35177"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24",
"url": "https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24"
}
],
"release_date": "2026-04-06T17:54:42.779000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Avoid opening untrusted zip archives with Vim. This operational control prevents the necessary user interaction required to trigger the path traversal vulnerability in the `zip.vim` plugin.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass"
},
{
"cve": "CVE-2026-41411",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-24T18:01:49.275019+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461614"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "RHBZ#2461614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41411",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb",
"url": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0357",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0357"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8",
"url": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8"
}
],
"release_date": "2026-04-24T16:51:39.657000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue involves exercising caution when opening or processing tag files from untrusted sources. Users should avoid loading tag files from unknown or suspicious origins to prevent the execution of arbitrary commands.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files"
},
{
"cve": "CVE-2026-42764",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-27T14:08:07+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481887"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL QUIC (Quick UDP Internet Connections) server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server\u0027s address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server process to terminate abnormally and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: NULL pointer dereference in QUIC server initial packet handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Moderate severity issue. A NULL pointer dereference can occur in the OpenSSL QUIC server when processing initial packets with invalid tokens, leading to a denial of service. This vulnerability is only exploitable if the client address validation is explicitly disabled using the `SSL_LISTENER_FLAG_NO_VALIDATE` flag, which is not the default configuration for OpenSSL QUIC servers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42764"
},
{
"category": "external",
"summary": "RHBZ#2481887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481887"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42764",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42764"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42764",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42764"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the OpenSSL QUIC server has client address validation enabled. This is the default configuration. If the `SSL_LISTENER_FLAG_NO_VALIDATE` flag is being used with the `SSL_new_listener()` call, it should be removed to prevent the vulnerability from being exploitable.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: NULL pointer dereference in QUIC server initial packet handling"
},
{
"cve": "CVE-2026-42766",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax (CMS) decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional, is dereferenced without proper validation. Successful exploitation leads to an application crash, resulting in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Possible NULL Dereference in Password-Based CMS Decryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated as Low impact. A NULL pointer dereference in OpenSSL\u0027s CMS decryption can be triggered by a specially crafted password-encrypted CMS message, leading to an Red Hat application crash and Denial of Service. This affects applications that perform password-based CMS decryption.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42766"
},
{
"category": "external",
"summary": "RHBZ#2481890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42766",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42766"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42766",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42766"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Possible NULL Dereference in Password-Based CMS Decryption"
},
{
"cve": "CVE-2026-42767",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol (CMP) server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format (CRMF) CertRepMessage with a specific malformed EncryptedValue structure, would trigger a NULL pointer dereference in the OpenSSL CMP client. This vulnerability leads to a crash of the application, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Low severity issue. A null pointer dereference flaw in the OpenSSL Certificate Management Protocol (CMP) client could be triggered by an attacker-controlled CMP server. This could lead to a denial of service in applications that process untrusted CMP/CRMF messages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42767"
},
{
"category": "external",
"summary": "RHBZ#2481891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42767",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42767"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42767",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42767"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that OpenSSL CMP client applications only communicate with trusted Certificate Management Protocol (CMP) servers. If CMP client functionality is not required, consider disabling or restricting its use to reduce exposure.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption"
},
{
"cve": "CVE-2026-42768",
"cwe": {
"id": "CWE-205",
"name": "Observable Behavioral Discrepancy"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481892"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL\u0027s CMS_decrypt() and PKCS7_decrypt() functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim\u0027s private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME messages and observe the application\u0027s error codes or decryption output. While the attack is technically possible, the specific conditions required make it unlikely to be exploited in typical deployments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low severity vulnerability in OpenSSL\u0027s CMS_decrypt() and PKCS7_decrypt() functions exposes a Bleichenbacher-style oracle. Exploitation requires an attacker to control input CMS/S/MIME messages and observe decryption errors or output, a scenario deemed unlikely in most Red Hat product deployments. The attack could allow decryption or signing of messages with a victim\u0027s private RSA key.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42768"
},
{
"category": "external",
"summary": "RHBZ#2481892",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481892"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42768",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42768"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42768",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42768"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, applications utilizing CMS_decrypt() or PKCS7_decrypt() should ensure a recipient certificate is always provided to identify the specific RecipientInfo for decryption. This practice helps prevent the Bleichenbacher-style oracle attack by ensuring proper key identification.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()"
},
{
"cve": "CVE-2026-42769",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability allows the attacker to replace the root CA certificate for CMP clients with a fraudulent one. The primary consequence is an escalation of privileges, enabling the attacker to gain control equivalent to the root CA.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue has a Low impact as it requires an attacker to already possess valid Registration Authority (RA) level credentials to exploit. A flaw in the Certificate Management Protocol (CMP) root CA key update process could allow an RA to substitute the root CA certificate for CMP clients with an arbitrary certificate, potentially leading to a trust-anchor substitution. FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42769"
},
{
"category": "external",
"summary": "RHBZ#2481893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42769",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42769"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42769",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42769"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate"
},
{
"cve": "CVE-2026-42770",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481894"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX (X9.42) peer key. Due to improper validation of the peer key\u0027s subgroup membership, an attacker can recover the victim\u0027s private key after a small number of key exchange attempts. This information disclosure can lead to unauthorized access or further compromise of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: FFC-DH Peer Validation Uses Attacker-Supplied q",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low severity flaw in OpenSSL affects systems configured to use DHX (X9.42) peer keys for key derivation, allowing a malicious peer to potentially recover a victim\u0027s private key. The attack requires specific conditions, such as long-lived RA/CA DHX keys in CMP deployments or bespoke applications utilizing X9.42 DHX static keys with interactive protocols, limiting its broader impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42770"
},
{
"category": "external",
"summary": "RHBZ#2481894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481894"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42770",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42770"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: FFC-DH Peer Validation Uses Attacker-Supplied q"
},
{
"cve": "CVE-2026-45445",
"cwe": {
"id": "CWE-1204",
"name": "Generation of Weak Initialization Vector (IV)"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481896"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface (EVP_Cipher()) will have their provided Initialization Vector (IV) silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the confidentiality of encrypted data. Additionally, this issue allows for the universal forgery of authentication tags, undermining the integrity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: AES-OCB IV Ignored on EVP_Cipher() Path",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Moderate severity flaw where applications utilizing the AES-OCB cipher through OpenSSL\u0027s EVP_Cipher() one-shot interface may silently discard the provided initialization vector (IV). This leads to nonce reuse, compromising confidentiality and enabling universal forgery of authentication tags. Red Hat products are primarily affected if they include or rely on third-party applications that specifically employ this less common and discouraged API usage with AES-OCB, as standard OpenSSL SSL/TLS implementations and applications using the recommended streaming AEAD API are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45445"
},
{
"category": "external",
"summary": "RHBZ#2481896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481896"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45445",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45445"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45445",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45445"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: AES-OCB IV Ignored on EVP_Cipher() Path"
},
{
"cve": "CVE-2026-45446",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481897"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The implementations of AES-SIV (Advanced Encryption Standard - SIV) and AES-GCM-SIV (Advanced Encryption Standard - Galois/Counter Mode - SIV) incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages with arbitrary Additional Authenticated Data (AAD) in applications that utilize these specific cipher modes within custom protocols and do not properly handle zero-length ciphertexts. This could lead to unauthorized data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Low impact. It affects applications that utilize OpenSSL\u0027s AES-SIV or AES-GCM-SIV modes within custom protocols and specifically mishandle empty ciphertexts. Standard OpenSSL protocols, such as TLS, are not affected. Successful exploitation requires an application to use the EVP interface and to skip ciphertext updates when processing zero-length ciphertexts, representing an uncommon and non-default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45446"
},
{
"category": "external",
"summary": "RHBZ#2481897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481897"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45446"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45446",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45446"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "The vulnerability arises from specific application implementations using OpenSSL\u0027s AES-SIV or AES-GCM-SIV modes with custom protocols and an atypical handling of empty ciphertexts. As this scenario is not a default or commonly deployed configuration in Red Hat products, and no direct configuration or operational control exists to mitigate this specific flaw without patching, the following applies:\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes"
},
{
"cve": "CVE-2026-45447",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481898"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#7 or S/MIME (Secure/Multipurpose Internet Mail Extensions) signed message, a heap use-after-free vulnerability in the PKCS7_verify() function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, leading to incorrect memory deallocation. A remote attacker could exploit this to cause application crashes, memory corruption, or potentially achieve remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This High severity heap use-after-free flaw in OpenSSL\u0027s PKCS7_verify() function can be triggered by processing a specially crafted PKCS#7 or S/MIME signed message. This could lead to application crashes, memory corruption, or potentially remote code execution, impacting services that handle such messages. The vulnerability specifically affects applications utilizing OpenSSL PKCS#7 APIs, while those using CMS APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45447"
},
{
"category": "external",
"summary": "RHBZ#2481898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481898"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45447"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45447"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()"
}
]
}
RHSA-2026:7261
Vulnerability from csaf_redhat - Published: 2026-04-09 08:50 - Updated: 2026-07-08 14:12A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the OpenSSL SM2 algorithm implementation on 64-bit ARM platforms. This vulnerability allows recovery of the private key via timing side-channel analysis during signature computations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.
CWE-125 - Out-of-bounds Read| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service (DoS). This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. This can lead to an out-of-bounds read of up to 15 bytes and a potential application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. This vulnerability could lead to data corruption, application crashes, or, in severe cases, arbitrary code execution. This issue is highly specific and uncommon, as it only affects clients using both PKIX-TA(0)/PKIX-EE(1) and DANE-TA(2) certificate usages and communicating with a server publishing a TLSA record set with both types of records.
CWE-1341 - Multiple Releases of Same Resource or Handle| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:openssl-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:openssl-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7261",
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9232",
"url": "https://access.redhat.com/security/cve/CVE-2025-9232"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9231",
"url": "https://access.redhat.com/security/cve/CVE-2025-9231"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-11187",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69421",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69420",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69419",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69418",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68160",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66199",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15469",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15468",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15467",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31789",
"url": "https://access.redhat.com/security/cve/CVE-2026-31789"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28389",
"url": "https://access.redhat.com/security/cve/CVE-2026-28389"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28388",
"url": "https://access.redhat.com/security/cve/CVE-2026-28388"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28387",
"url": "https://access.redhat.com/security/cve/CVE-2026-28387"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28386",
"url": "https://access.redhat.com/security/cve/CVE-2026-28386"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28390",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22795",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2673",
"url": "https://access.redhat.com/security/cve/CVE-2026-2673"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22796",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7261.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-08T14:12:47+00:00",
"generator": {
"date": "2026-07-08T14:12:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7261",
"initial_release_date": "2026-04-09T08:50:10+00:00",
"revision_history": [
{
"date": "2026-04-09T08:50:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T20:01:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T14:12:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-main@aarch64",
"product": {
"name": "openssl-main@aarch64",
"product_id": "openssl-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.6-0.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-main@src",
"product": {
"name": "openssl-main@src",
"product_id": "openssl-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.6-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-main@x86_64",
"product": {
"name": "openssl-main@x86_64",
"product_id": "openssl-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.5.6-0.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:openssl-main@aarch64"
},
"product_reference": "openssl-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:openssl-main@src"
},
"product_reference": "openssl-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:openssl-main@x86_64"
},
"product_reference": "openssl-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9231",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2025-09-17T12:18:12.109000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396055"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL SM2 algorithm implementation on 64-bit ARM platforms. This vulnerability allows recovery of the private key via timing side-channel analysis during signature computations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while it could enable recovery of private keys through timing side-channel analysis on 64-bit ARM platforms, successful exploitation requires high-precision timing measurements and a specialized attack setup. OpenSSL does not natively support SM2 certificates in TLS, limiting the exposure in common use cases. The issue only becomes relevant in custom provider contexts where SM2 is enabled, further reducing the likelihood of widespread impact. Therefore, although the confidentiality impact is high if exploited, the practical attack complexity and limited applicability justify a Moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9231"
},
{
"category": "external",
"summary": "RHBZ#2396055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396055"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9231"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM"
},
{
"cve": "CVE-2025-9232",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-17T12:21:09.388000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read in HTTP client no_proxy handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was rated as Low severity because exploitation requires a very specific set of conditions: the application must pass an attacker-controlled IPv6 URL to the OpenSSL HTTP client functions, and the no_proxy environment variable must be set by the user. Even under these conditions, the issue can only lead to an out-of-bounds read resulting in a crash, causing an application level denial of service. There is no potential for information disclosure or remote code execution. Additionally, typical use cases of the OpenSSL HTTP client (e.g., in OCSP or CMP) do not involve attacker-controlled URLs, which further reduces the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9232"
},
{
"category": "external",
"summary": "RHBZ#2396056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Out-of-bounds read in HTTP client no_proxy handling"
},
{
"cve": "CVE-2025-11187",
"cwe": {
"id": "CWE-233",
"name": "Improper Handling of Parameters"
},
"discovery_date": "2026-01-16T14:21:50.559000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430375"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. It affects OpenSSL versions 3.6, 3.5, and 3.4, where improper validation of PBMAC1 parameters in PKCS#12 MAC verification can lead to a stack buffer overflow or NULL pointer dereference. Exploitation requires an application to process a maliciously crafted PKCS#12 file, which is uncommon as these files are typically trusted. OpenSSL versions 3.3, 3.0, 1.1.1, and 1.0.2 are not affected as they do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11187"
},
{
"category": "external",
"summary": "RHBZ#2430375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted PKCS#12 files. Applications should only handle PKCS#12 files from trusted sources, as these files are typically used for storing private keys and are expected to be secure.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-15468",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:51.062000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430377"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The NULL pointer dereference in the `SSL_CIPHER_find()` function, affecting OpenSSL versions 3.3, 3.4, 3.5, and 3.6, occurs only when applications utilizing the QUIC protocol uncommonly invoke this function from the `client_hello_cb` callback with an unknown cipher ID. This specific usage pattern and the resulting Denial of Service limit the overall impact in the Red Hat context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15468"
},
{
"category": "external",
"summary": "RHBZ#2430377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15468"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling"
},
{
"cve": "CVE-2025-15469",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-16T14:21:51.411000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The flaw affects the `openssl dgst` command-line tool when used with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) on files larger than 16MB. Impact is limited as it requires both signing and verification to be performed using the affected command, and verifiers using library APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15469"
},
{
"category": "external",
"summary": "RHBZ#2430378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15469"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `openssl dgst` command with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) for files larger than 16MB. Instead, utilize streaming digest algorithms with `openssl dgst` or use library APIs for signing and verification, as these are not affected by the truncation vulnerability. Users should ensure that input files for one-shot signing/verification with `openssl dgst` do not exceed 16MB.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation"
},
{
"cve": "CVE-2025-66199",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-16T14:21:51.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in OpenSSL 3.3, 3.4, 3.5, and 3.6 allows an attacker to cause excessive memory allocation during TLS 1.3 handshake with certificate compression, potentially leading to a Denial of Service. This affects both clients and servers in mutual TLS scenarios where certificate compression is negotiated. Servers not requesting client certificates are not vulnerable to client-initiated attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66199"
},
{
"category": "external",
"summary": "RHBZ#2430379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the reception of compressed certificates by setting the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option in OpenSSL configurations. This will prevent the vulnerable code path from being exercised.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression"
},
{
"cve": "CVE-2025-68160",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-01-16T14:21:52.088000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430380"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat. The `BIO_f_linebuffer` filter, where this heap out-of-bounds write occurs, is not used by default in TLS/SSL data paths within Red Hat products. Exploitation requires third-party applications to explicitly use this filter with a BIO chain that can short-write and process large, newline-free data influenced by an attacker, which is an unlikely scenario under attacker control. Red Hat FIPS modules are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68160"
},
{
"category": "external",
"summary": "RHBZ#2430380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter"
},
{
"cve": "CVE-2025-69418",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-16T14:21:52.438000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, impact is limited because typical OpenSSL consumers using higher-level EVP APIs are not affected. The flaw only manifests when applications directly call low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in hardware-accelerated builds. Additionally, TLS does not use OCB ciphersuites, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69418"
},
{
"category": "external",
"summary": "RHBZ#2430381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls"
},
{
"cve": "CVE-2025-69419",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-01-16T14:21:52.793000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL\u0027s PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69419"
},
{
"category": "external",
"summary": "RHBZ#2430386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing"
},
{
"cve": "CVE-2025-69420",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.497000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the TimeStamp Response verification code can lead to a Denial of Service when processing a specially crafted TimeStamp Response. Exploitation requires an application to call `TS_RESP_verify_response()` with a malformed response, and the TimeStamp protocol (RFC 3161) is not widely used. Red Hat FIPS modules are not affected as the TimeStamp Response implementation is outside the FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69420"
},
{
"category": "external",
"summary": "RHBZ#2430388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response"
},
{
"cve": "CVE-2025-69421",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-01-16T14:21:53.845000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat because it requires an application to process a specially crafted, malformed PKCS#12 file, leading to a Denial of Service. The vulnerability is limited to a crash and cannot be escalated to achieve code execution or memory disclosure. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69421"
},
{
"category": "external",
"summary": "RHBZ#2430387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Restrict applications from processing untrusted or externally supplied PKCS#12 files, ensuring certificates are sourced only from trusted internal authorities. Additionally, configure critical background services with automatic restart policies (such as systemd\u0027s Restart=on-failure) to quickly restore availability if a denial-of-service crash occurs.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing"
},
{
"cve": "CVE-2026-2673",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-13T14:01:14.098405+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447327"
}
],
"notes": [
{
"category": "description",
"text": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client\u0027s initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of this flaw is limited to the choice of key agreement groups in a specific TLS connection. While a less a preferred key agreement group may allow for a connection to lack post-quantum protection, it is important to know that the connection will still be encrypted with a secure classical cipher and that the degradation of the cipher is limited to the active connection and is not a persistent degradation. Groups which the server operator has disallowed will not be used and it may be the case that the client and server fail to agree upon a key exchange group which would prevent the offending client from constructing a TLS connection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2673"
},
{
"category": "external",
"summary": "RHBZ#2447327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f",
"url": "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34",
"url": "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260313.txt",
"url": "https://openssl-library.org/news/secadv/20260313.txt"
}
],
"release_date": "2026-03-13T13:23:00.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group"
},
{
"cve": "CVE-2026-22795",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-01-16T14:21:53.146000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. An application processing a maliciously crafted PKCS#12 file can be caused to dereference an invalid or NULL pointer, resulting in a Denial of Service. In the Red Hat context, impact is limited as PKCS#12 files are typically used for trusted private keys and are not commonly accepted from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22795"
},
{
"category": "external",
"summary": "RHBZ#2430389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing"
},
{
"cve": "CVE-2026-22796",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-16T14:43:21.598000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A type confusion flaw in the legacy PKCS#7 API can lead to a Denial of Service when processing specially crafted PKCS#7 data. Exploitation requires an application to perform signature verification of malformed PKCS#7 data. Red Hat products utilizing the FIPS module are not affected as the PKCS#7 parsing is outside the module boundary.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22796"
},
{
"category": "external",
"summary": "RHBZ#2430390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification"
},
{
"cve": "CVE-2026-28386",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2026-03-25T02:58:58.647000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451099"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service (DoS). This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. This can lead to an out-of-bounds read of up to 15 bytes and a potential application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Denial of Service due to out-of-bounds read in AES-CFB128",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has a Moderate impact on Red Hat products. It affects applications utilizing AES-CFB128 encryption or decryption on systems equipped with AVX-512 and VAES, potentially leading to a Denial of Service due to an out-of-bounds read when processing partial cipher blocks under specific memory conditions. The CFB mode is not employed in widely used protocols such as TLS/DTLS, which limits the applicability of this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28386"
},
{
"category": "external",
"summary": "RHBZ#2451099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451099"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28386",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28386"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Denial of Service due to out-of-bounds read in AES-CFB128"
},
{
"cve": "CVE-2026-28387",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-03-25T02:59:08.773000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451098"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. This vulnerability could lead to data corruption, application crashes, or, in severe cases, arbitrary code execution. This issue is highly specific and uncommon, as it only affects clients using both PKIX-TA(0)/PKIX-EE(1) and DANE-TA(2) certificate usages and communicating with a server publishing a TLSA record set with both types of records.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact vulnerability affects clients performing DANE TLSA-based server authentication only when configured with an uncommon combination of PKIX-TA(0/PKIX-EE(1) and DANE-TA(2) certificate usages. Most common SMTP MTA deployments are not vulnerable as they are recommended to treat PKIX certificate usages as unusable. Exploitation also requires communication with a server publishing a TLSA RRset with both types of records.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28387"
},
{
"category": "external",
"summary": "RHBZ#2451098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451098"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28387"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication"
},
{
"cve": "CVE-2026-28388",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-03-25T02:59:08.771000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low impact. This vulnerability in X.509 certificate verification can lead to a Denial of Service (DoS) due to a NULL pointer dereference when processing a malformed delta Certificate Revocation List (CRL). Exploitation requires the `X509_V_FLAG_USE_DELTAS` flag to be enabled in the verification context, a certificate with a `freshestCRL` extension or a base CRL with `EXFLAG_FRESHEST` set, and an attacker-provided malformed CRL. This flaw is limited to DoS and does not allow for code execution or memory disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28388"
},
{
"category": "external",
"summary": "RHBZ#2451097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28388",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28388"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that delta CRL processing is not enabled in applications that do not require it. This vulnerability is only exploitable when the `X509_V_FLAG_USE_DELTAS` flag is explicitly set within the X.509 verification context. Review application configurations to confirm that this flag is not enabled unless absolutely necessary for your security policy. Disabling this flag will prevent the vulnerable code path from being exercised. Specific implementation details will vary depending on the application utilizing X.509 certificate verification.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing"
},
{
"cve": "CVE-2026-28389",
"cwe": {
"id": "CWE-166",
"name": "Improper Handling of Missing Special Element"
},
"discovery_date": "2026-03-25T02:59:08.822000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451096"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw affects applications processing Cryptographic Message Syntax (CMS) data, specifically crafted CMS EnvelopedData messages with KeyAgreeRecipientInfo. A NULL pointer dereference can occur if the optional parameters field of KeyEncryptionAlgorithmIdentifier is missing, leading to a Denial of Service. Red Hat products are vulnerable if they call `CMS_decrypt()` or `PKCS7_decrypt()` on untrusted input, such as in S/MIME processing or CMS-based protocols.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28389"
},
{
"category": "external",
"summary": "RHBZ#2451096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451096"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28389"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing untrusted CMS EnvelopedData messages with KeyAgreeRecipientInfo. Restrict network access to services that process CMS data from untrusted sources. If possible, configure applications to only accept CMS data from trusted origins. This operational control helps reduce exposure to the vulnerability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing"
},
{
"cve": "CVE-2026-28390",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-04-07T23:01:18.313921+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456314"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been rated as moderate by redhat because the vulnerability is limited to a denial-of-service condition caused by a NULL pointer dereference in OpenSSL CMS processing, without evidence of memory corruption or code execution, furthermore the Affected functionality is niche. The vulnerable path requires:\nCMS/S/MIME processing,\nspecifically CMS_decrypt(),\nwith RSA-OAEP KeyTransportRecipientInfo.\nMany OpenSSL consumers never use CMS APIs, never process S/MIME,\nor do not decrypt attacker-controlled CMS objects.\nSo exposure is far narrower than a generic TLS parsing vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "RHBZ#2456314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456314"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
"url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
"url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
"url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
"url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
"url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T22:00:54.172000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Applications that process Cryptographic Message Syntax (CMS) EnvelopedData messages should be configured to only accept input from trusted sources. Restricting network access to services that process untrusted CMS data can also reduce exposure to this Denial of Service vulnerability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing"
},
{
"cve": "CVE-2026-31789",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-03-25T02:59:09.213000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue has a Low impact. The vulnerability affects 32-bit systems and requires an application or service to process an unusually large X.509 certificate (over 1 Gigabyte) by printing or logging its contents. This specific condition makes exploitation unlikely in typical Red Hat environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31789"
},
{
"category": "external",
"summary": "RHBZ#2451095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31789"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid processing or logging untrusted X.509 certificates, particularly those with unusually large OCTET STRING values. Restricting the source of X.509 certificates to trusted entities can reduce exposure to this vulnerability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T08:50:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7261"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:openssl-main@aarch64",
"Red Hat Hardened Images:openssl-main@src",
"Red Hat Hardened Images:openssl-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.