Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-25724 (GCVE-0-2025-25724)
Vulnerability from cvelistv5
Published
2025-03-02 00:00
Modified
2025-03-04 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-252 - Unchecked Return Value
Summary
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| libarchive | libarchive |
Version: 0 ≤ 3.7.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:00:32.541478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:00:41.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "libarchive",
"vendor": "libarchive",
"versions": [
{
"lessThanOrEqual": "3.7.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-02T01:22:26.132Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
},
{
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-25724",
"datePublished": "2025-03-02T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-03-04T19:00:41.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-25724\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-03-02T02:15:36.603\",\"lastModified\":\"2025-07-17T15:56:36.083\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.\"},{\"lang\":\"es\",\"value\":\"list_item_verbose en tar/util.c en libarchive hasta 3.7.7 no verifica un valor de retorno de strftime, lo que puede provocar una denegaci\u00f3n de servicio u otro impacto no especificado a trav\u00e9s de un archivo TAR manipulado que se lee con un valor verbose de 2. Por ejemplo, el b\u00fafer de 100 bytes puede no ser suficiente para una configuraci\u00f3n regional personalizada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.4,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.7.7\",\"matchCriteriaId\":\"BF70A827-B7CB-4155-8FBC-73D52403367C\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Ekkosun/pocs/blob/main/bsdtarbug\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-25724\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-04T19:00:32.541478Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-04T19:00:36.589Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\"}}], \"affected\": [{\"vendor\": \"libarchive\", \"product\": \"libarchive\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.7.7\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://github.com/Ekkosun/pocs/blob/main/bsdtarbug\"}, {\"url\": \"https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752\"}, {\"url\": \"https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-252\", \"description\": \"CWE-252 Unchecked Return Value\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"3.7.7\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-03-02T01:22:26.132Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-25724\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-04T19:00:41.262Z\", \"dateReserved\": \"2025-02-07T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-03-02T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
rhsa-2025:9420
Vulnerability from csaf_redhat
Published
2025-06-24 01:13
Modified
2025-10-10 16:57
Summary
Red Hat Security Advisory: libarchive security update
Notes
Topic
An update for libarchive is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
* libarchive: Buffer Overflow vulnerability in libarchive (CVE-2025-25724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libarchive is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Buffer Overflow vulnerability in libarchive (CVE-2025-25724)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9420",
"url": "https://access.redhat.com/errata/RHSA-2025:9420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9420.json"
}
],
"title": "Red Hat Security Advisory: libarchive security update",
"tracking": {
"current_release_date": "2025-10-10T16:57:41+00:00",
"generator": {
"date": "2025-10-10T16:57:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:9420",
"initial_release_date": "2025-06-24T01:13:14+00:00",
"revision_history": [
{
"date": "2025-06-24T01:13:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-24T01:13:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T16:57:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.src",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.src",
"product_id": "libarchive-0:3.7.7-3.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.aarch64",
"product_id": "libarchive-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"product_id": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdunzip-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_id": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"product_id": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.7.7-3.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"product": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"product_id": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.7.7-3.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"product_id": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"product_id": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdunzip-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_id": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"product_id": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.7.7-3.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"product": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"product_id": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.7.7-3.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.x86_64",
"product_id": "libarchive-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"product_id": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdunzip-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_id": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"product_id": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.7.7-3.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"product": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"product_id": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.7.7-3.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "libarchive-0:3.7.7-3.el10_0.s390x",
"product_id": "libarchive-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"product_id": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdunzip-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_id": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "bsdtar-0:3.7.7-3.el10_0.s390x",
"product_id": "bsdtar-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.7.7-3.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"product": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"product_id": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.7.7-3.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.src"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdtar-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.src"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.src",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.7.7-3.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
},
"product_reference": "libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-03-02T02:00:39.907582+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Buffer Overflow vulnerability in libarchive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat employs static and dynamic security testing and numerous program hardening technologies as part of our Secure Development Lifecycle. These tests and means of hardening our software prevent or reduce the impact of flaws and increase the complexity of attacks.\n\nReturn values from critical operations are consistently evaluated through enforced development standards and automated static analysis, reducing the likelihood of logic flaws or silent failures reaching production. Error-handling routines are integrated into application behavior to ensure that failures are properly logged, traced, and contained, maintaining system stability under fault conditions. Additionally, the platform is designed to respond to errors predictably, preventing uncontrolled behavior and ensuring that processes fail in a known, recoverable state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "RHBZ#2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724"
},
{
"category": "external",
"summary": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92",
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"category": "external",
"summary": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug",
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752",
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"release_date": "2025-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-24T01:13:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"AppStream-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"AppStream-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcat-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdcpio-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdtar-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:bsdunzip-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.src",
"BaseOS-10.0.Z:libarchive-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debuginfo-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-debugsource-0:3.7.7-3.el10_0.x86_64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.aarch64",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.ppc64le",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.s390x",
"BaseOS-10.0.Z:libarchive-devel-0:3.7.7-3.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libarchive: Buffer Overflow vulnerability in libarchive"
}
]
}
rhsa-2025:11487
Vulnerability from csaf_redhat
Published
2025-07-21 19:25
Modified
2025-10-30 14:55
Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Notes
Topic
A Subscription Management tool for finding and reporting Red Hat product usage
Details
Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11487",
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-53920",
"url": "https://access.redhat.com/security/cve/CVE-2024-53920"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-25724",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-3576",
"url": "https://access.redhat.com/security/cve/CVE-2025-3576"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4802",
"url": "https://access.redhat.com/security/cve/CVE-2025-4802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5702",
"url": "https://access.redhat.com/security/cve/CVE-2025-5702"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11487.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2025-10-30T14:55:35+00:00",
"generator": {
"date": "2025-10-30T14:55:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.10"
}
},
"id": "RHSA-2025:11487",
"initial_release_date": "2025-07-21T19:25:21+00:00",
"revision_history": [
{
"date": "2025-07-21T19:25:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-21T19:25:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-30T14:55:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ac499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.0-1752592913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Acb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.0-1752593703"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Abd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.0-1752592913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=2.0.0-1752593703"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53920",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-11-27T15:01:05.611448+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2329161"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "emacs: arbitrary code execution via Lisp macro expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into opening an Emacs Lisp source code file with a crafted macro definition. Additionally, the user must have `elisp-completion-at-point` configured or automatic error checking enabled.\nFor these reasons, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform leverages a web application firewall (WAF) to filter and block malicious input before it reaches the application. It applies managed and custom rule sets to detect suspicious patterns such as embedded scripting functions and remote code execution attempts. By enforcing strict input validation and preventing unauthorized execution of user-supplied code, the WAF reduces the risk of exploitation. Additional protections like rate limiting and bot mitigation help prevent automated injection attacks, while integration with logging, monitoring, and threat detection systems enhances visibility and response capabilities. Through real-time monitoring and automated blocking, the WAF provides a strong layer of defense against code injection vulnerabilities, lowering the likelihood of successful exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53920"
},
{
"category": "external",
"summary": "RHBZ#2329161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53920"
},
{
"category": "external",
"summary": "https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html",
"url": "https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html"
},
{
"category": "external",
"summary": "https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/",
"url": "https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/"
}
],
"release_date": "2024-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Do not open or view untrusted Emacs Lisp source code files.\n\nDisabling auto-completion features and automatic error checking such as Flymake or Flycheck in untrusted Emacs Lisp source code files will mitigate this vulnerability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "emacs: arbitrary code execution via Lisp macro expansion"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"discovery_date": "2025-04-14T11:00:53.484000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359465"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as a moderate severity vulnerability because it affects the handling of PKINIT requests during ASN.1 decoding in krb5. Exploitation requires specific and uncommon configurations, including a Kerberos environment with PKINIT enabled. Additionally, successful exploitation depends on triggering specific memory allocation failures or parser behaviors, contributing to a high attack complexity.The attack requires that PKINIT is actively configured and in use, and cannot be exploited remotely without this setup in place, making the practical risk limited in standard environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-3576"
},
{
"category": "external",
"summary": "RHBZ#2359465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576"
},
{
"category": "external",
"summary": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html",
"url": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html"
}
],
"release_date": "2025-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions"
},
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2025-05-20T12:53:17.126000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367468"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue can only be exploitable by a local attacker via a static setuid program that calls the dlopen function, causing the library to search LD_LIBRARY_PATH to locate the shared object name to load. No such programs have been found in Red Hat Enterprise Linux at the time of publishing this advisory. However, custom setuid programs, although strongly discouraged as a security practice, may exist and can not be discarded. Due to these reasons, this flaw has been rated with a moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-426: Untrusted Search Path) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces least functionality by enabling only essential features, services, and ports, thereby reducing the system\u2019s attack surface. Static code analysis, peer reviews, and robust input validation and error handling detect unsafe input that could affect execution timing or path resolution. Real-time threat detection, including IPS/IDS, antimalware, and continuous system monitoring, enables rapid identification of exploitation attempts. Process isolation and Kubernetes orchestration reduce the likelihood of concurrent execution conflicts and contain any impact to isolated workloads. Executable search paths are restricted to trusted, explicitly defined directories, mitigating the risk of executing malicious files. These controls effectively lower the likelihood and impact of race conditions and untrusted path exploitation in the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4802"
},
{
"category": "external",
"summary": "RHBZ#2367468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4802"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/16/7",
"url": "https://www.openwall.com/lists/oss-security/2025/05/16/7"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/17/2",
"url": "https://www.openwall.com/lists/oss-security/2025/05/17/2"
}
],
"release_date": "2025-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH"
},
{
"cve": "CVE-2025-5702",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-06-05T19:00:53.922197+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370472"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: Vector register overwrite bug in glibc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is marked as a Moderate vulnerability rather than an Important one because, while it violates the PowerPC64LE ABI by overwriting non-volatile vector registers (v20 to v31) in the optimized strcmp implementation, its impact is highly context-dependent. The vulnerability does not result in immediate memory corruption, privilege escalation, or remote code execution on its own. It only poses a risk if the overwritten registers were actively holding critical state across the call to strcmp, which is uncommon in typical usage patterns of the function. Moreover, since this issue occurs in an architecture-specific optimization path for Power10 and affects a relatively recent version of glibc (2.39+), its exposure is limited in scope and deployment.\n\nNote that this vulnerability only impacts POWER10 (ppc64le), not POWER9, nor the aarch64, s390x, x86-64 products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5702"
},
{
"category": "external",
"summary": "RHBZ#2370472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370472"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5702",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5702"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33056",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33056"
}
],
"release_date": "2025-06-05T18:23:57.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: Vector register overwrite bug in glibc"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-03-02T02:00:39.907582+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Buffer Overflow vulnerability in libarchive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat employs static and dynamic security testing and numerous program hardening technologies as part of our Secure Development Lifecycle. These tests and means of hardening our software prevent or reduce the impact of flaws and increase the complexity of attacks.\n\nReturn values from critical operations are consistently evaluated through enforced development standards and automated static analysis, reducing the likelihood of logic flaws or silent failures reaching production. Error-handling routines are integrated into application behavior to ensure that failures are properly logged, traced, and contained, maintaining system stability under fault conditions. Additionally, the platform is designed to respond to errors predictably, preventing uncontrolled behavior and ensuring that processes fail in a known, recoverable state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "RHBZ#2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724"
},
{
"category": "external",
"summary": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92",
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"category": "external",
"summary": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug",
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752",
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"release_date": "2025-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T19:25:21+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:728ad644c83c3828f8bdc3b6aad9b1d30110f9911f0febcea5f0cfedc6b29dc7_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:cb27ba3c1340e59001ddf83d311d952a4c11f9d4fa18bdab9f4a914370957948_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libarchive: Buffer Overflow vulnerability in libarchive"
}
]
}
rhsa-2025:9431
Vulnerability from csaf_redhat
Published
2025-06-24 06:58
Modified
2025-10-10 16:57
Summary
Red Hat Security Advisory: libarchive security update
Notes
Topic
An update for libarchive is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
* libarchive: Buffer Overflow vulnerability in libarchive (CVE-2025-25724)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libarchive is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Buffer Overflow vulnerability in libarchive (CVE-2025-25724)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9431",
"url": "https://access.redhat.com/errata/RHSA-2025:9431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9431.json"
}
],
"title": "Red Hat Security Advisory: libarchive security update",
"tracking": {
"current_release_date": "2025-10-10T16:57:41+00:00",
"generator": {
"date": "2025-10-10T16:57:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:9431",
"initial_release_date": "2025-06-24T06:58:35+00:00",
"revision_history": [
{
"date": "2025-06-24T06:58:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-24T06:58:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-10T16:57:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"product_id": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.aarch64",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.aarch64",
"product_id": "libarchive-0:3.5.3-5.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"product_id": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"product_id": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"product_id": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.x86_64",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.x86_64",
"product_id": "libarchive-0:3.5.3-5.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.i686",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.i686",
"product_id": "libarchive-0:3.5.3-5.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "bsdtar-0:3.5.3-5.el9_6.s390x",
"product_id": "bsdtar-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"product_id": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-devel@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"product_id": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debugsource@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_id": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcat-debuginfo@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_id": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdcpio-debuginfo@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_id": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bsdtar-debuginfo@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_id": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive-debuginfo@3.5.3-5.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.s390x",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.s390x",
"product_id": "libarchive-0:3.5.3-5.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive-0:3.5.3-5.el9_6.src",
"product": {
"name": "libarchive-0:3.5.3-5.el9_6.src",
"product_id": "libarchive-0:3.5.3-5.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdtar-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-0:3.5.3-5.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
},
"product_reference": "libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-03-02T02:00:39.907582+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Buffer Overflow vulnerability in libarchive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat employs static and dynamic security testing and numerous program hardening technologies as part of our Secure Development Lifecycle. These tests and means of hardening our software prevent or reduce the impact of flaws and increase the complexity of attacks.\n\nReturn values from critical operations are consistently evaluated through enforced development standards and automated static analysis, reducing the likelihood of logic flaws or silent failures reaching production. Error-handling routines are integrated into application behavior to ensure that failures are properly logged, traced, and contained, maintaining system stability under fault conditions. Additionally, the platform is designed to respond to errors predictably, preventing uncontrolled behavior and ensuring that processes fail in a known, recoverable state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "RHBZ#2349221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724"
},
{
"category": "external",
"summary": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92",
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"category": "external",
"summary": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug",
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752",
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"release_date": "2025-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-24T06:58:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9431"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcat-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdcpio-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:bsdtar-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debuginfo-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-debugsource-0:3.5.3-5.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libarchive-devel-0:3.5.3-5.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libarchive: Buffer Overflow vulnerability in libarchive"
}
]
}
suse-su-2025:0986-1
Vulnerability from csaf_suse
Published
2025-03-21 17:49
Modified
2025-03-21 17:49
Summary
Security update for libarchive
Notes
Title of the patch
Security update for libarchive
Description of the patch
This update for libarchive fixes the following issues:
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610).
Patchnames
SUSE-2025-986,SUSE-SLE-Micro-5.3-2025-986,SUSE-SLE-Micro-5.4-2025-986,SUSE-SLE-Micro-5.5-2025-986
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-986,SUSE-SLE-Micro-5.3-2025-986,SUSE-SLE-Micro-5.4-2025-986,SUSE-SLE-Micro-5.5-2025-986",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0986-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0986-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250986-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0986-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020576.html"
},
{
"category": "self",
"summary": "SUSE Bug 1238610",
"url": "https://bugzilla.suse.com/1238610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25724/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-03-21T17:49:33Z",
"generator": {
"date": "2025-03-21T17:49:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0986-1",
"initial_release_date": "2025-03-21T17:49:33Z",
"revision_history": [
{
"date": "2025-03-21T17:49:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.aarch64",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.aarch64",
"product_id": "bsdtar-3.5.1-150400.3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.aarch64",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.aarch64",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"product_id": "libarchive13-3.5.1-150400.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-64bit-3.5.1-150400.3.18.1.aarch64_ilp32",
"product": {
"name": "libarchive13-64bit-3.5.1-150400.3.18.1.aarch64_ilp32",
"product_id": "libarchive13-64bit-3.5.1-150400.3.18.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.i586",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.i586",
"product_id": "bsdtar-3.5.1-150400.3.18.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.i586",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.i586",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.i586",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.i586",
"product_id": "libarchive13-3.5.1-150400.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.ppc64le",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.ppc64le",
"product_id": "bsdtar-3.5.1-150400.3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.ppc64le",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.ppc64le",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.ppc64le",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.ppc64le",
"product_id": "libarchive13-3.5.1-150400.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.s390x",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.s390x",
"product_id": "bsdtar-3.5.1-150400.3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.s390x",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.s390x",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.s390x",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.s390x",
"product_id": "libarchive13-3.5.1-150400.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.5.1-150400.3.18.1.x86_64",
"product": {
"name": "bsdtar-3.5.1-150400.3.18.1.x86_64",
"product_id": "bsdtar-3.5.1-150400.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.5.1-150400.3.18.1.x86_64",
"product": {
"name": "libarchive-devel-3.5.1-150400.3.18.1.x86_64",
"product_id": "libarchive-devel-3.5.1-150400.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"product": {
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"product_id": "libarchive13-3.5.1-150400.3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.5.1-150400.3.18.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.5.1-150400.3.18.1.x86_64",
"product_id": "libarchive13-32bit-3.5.1-150400.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.aarch64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.ppc64le"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.s390x"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.5.1-150400.3.18.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.x86_64"
},
"product_reference": "libarchive13-3.5.1-150400.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-25724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25724"
}
],
"notes": [
{
"category": "general",
"text": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25724",
"url": "https://www.suse.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "SUSE Bug 1238610 for CVE-2025-25724",
"url": "https://bugzilla.suse.com/1238610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libarchive13-3.5.1-150400.3.18.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libarchive13-3.5.1-150400.3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:49:33Z",
"details": "low"
}
],
"title": "CVE-2025-25724"
}
]
}
suse-su-2025:0985-1
Vulnerability from csaf_suse
Published
2025-03-21 17:45
Modified
2025-03-21 17:45
Summary
Security update for libarchive
Notes
Title of the patch
Security update for libarchive
Description of the patch
This update for libarchive fixes the following issues:
- CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606)
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610)
Patchnames
SUSE-2025-985,SUSE-SLE-Module-Basesystem-15-SP6-2025-985,SUSE-SLE-Module-Development-Tools-15-SP6-2025-985,openSUSE-SLE-15.6-2025-985
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libarchive",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libarchive fixes the following issues:\n\n- CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606)\n- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-985,SUSE-SLE-Module-Basesystem-15-SP6-2025-985,SUSE-SLE-Module-Development-Tools-15-SP6-2025-985,openSUSE-SLE-15.6-2025-985",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0985-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0985-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250985-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0985-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020577.html"
},
{
"category": "self",
"summary": "SUSE Bug 1237606",
"url": "https://bugzilla.suse.com/1237606"
},
{
"category": "self",
"summary": "SUSE Bug 1238610",
"url": "https://bugzilla.suse.com/1238610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1632 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25724/"
}
],
"title": "Security update for libarchive",
"tracking": {
"current_release_date": "2025-03-21T17:45:17Z",
"generator": {
"date": "2025-03-21T17:45:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0985-1",
"initial_release_date": "2025-03-21T17:45:17Z",
"revision_history": [
{
"date": "2025-03-21T17:45:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.aarch64",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.aarch64",
"product_id": "bsdtar-3.7.2-150600.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.aarch64",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.aarch64",
"product_id": "libarchive13-3.7.2-150600.3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libarchive13-64bit-3.7.2-150600.3.12.1.aarch64_ilp32",
"product": {
"name": "libarchive13-64bit-3.7.2-150600.3.12.1.aarch64_ilp32",
"product_id": "libarchive13-64bit-3.7.2-150600.3.12.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.i586",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.i586",
"product_id": "bsdtar-3.7.2-150600.3.12.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.i586",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.i586",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.i586"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.i586",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.i586",
"product_id": "libarchive13-3.7.2-150600.3.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.ppc64le",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.ppc64le",
"product_id": "bsdtar-3.7.2-150600.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.ppc64le",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.ppc64le",
"product_id": "libarchive13-3.7.2-150600.3.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.s390x",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.s390x",
"product_id": "bsdtar-3.7.2-150600.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.s390x",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.s390x",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.s390x",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.s390x",
"product_id": "libarchive13-3.7.2-150600.3.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.2-150600.3.12.1.x86_64",
"product": {
"name": "bsdtar-3.7.2-150600.3.12.1.x86_64",
"product_id": "bsdtar-3.7.2-150600.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"product": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"product_id": "libarchive-devel-3.7.2-150600.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.2-150600.3.12.1.x86_64",
"product": {
"name": "libarchive13-3.7.2-150600.3.12.1.x86_64",
"product_id": "libarchive13-3.7.2-150600.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64",
"product_id": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.2-150600.3.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "bsdtar-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.2-150600.3.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.2-150600.3.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive13-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
},
"product_reference": "libarchive13-32bit-3.7.2-150600.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1632"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1632",
"url": "https://www.suse.com/security/cve/CVE-2025-1632"
},
{
"category": "external",
"summary": "SUSE Bug 1237606 for CVE-2025-1632",
"url": "https://bugzilla.suse.com/1237606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:45:17Z",
"details": "moderate"
}
],
"title": "CVE-2025-1632"
},
{
"cve": "CVE-2025-25724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25724"
}
],
"notes": [
{
"category": "general",
"text": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25724",
"url": "https://www.suse.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "SUSE Bug 1238610 for CVE-2025-25724",
"url": "https://bugzilla.suse.com/1238610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.s390x",
"openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.12.1.x86_64",
"openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-21T17:45:17Z",
"details": "low"
}
],
"title": "CVE-2025-25724"
}
]
}
ncsc-2025-0330
Vulnerability from csaf_ncscnl
Published
2025-10-23 13:20
Modified
2025-10-23 13:20
Summary
Kwetsbaarheden verholpen in Oracle Communications producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.
Interpretaties
De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden variëren van 3.1 tot 9.8, wat wijst op een breed scala aan risico's, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23
Relative Path Traversal
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121
Stack-based Buffer Overflow
CWE-122
Heap-based Buffer Overflow
CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE-125
Out-of-bounds Read
CWE-129
Improper Validation of Array Index
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-147
Improper Neutralization of Input Terminators
CWE-190
Integer Overflow or Wraparound
CWE-197
Numeric Truncation Error
CWE-241
Improper Handling of Unexpected Data Type
CWE-252
Unchecked Return Value
CWE-253
Incorrect Check of Function Return Value
CWE-284
Improper Access Control
CWE-287
Improper Authentication
CWE-290
Authentication Bypass by Spoofing
CWE-328
Use of Weak Hash
CWE-385
Covert Timing Channel
CWE-390
Detection of Error Condition Without Action
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-407
Inefficient Algorithmic Complexity
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CWE-415
Double Free
CWE-416
Use After Free
CWE-426
Untrusted Search Path
CWE-440
Expected Behavior Violation
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476
NULL Pointer Dereference
CWE-674
Uncontrolled Recursion
CWE-697
Incorrect Comparison
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-789
Memory Allocation with Excessive Size Value
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-918
Server-Side Request Forgery (SSRF)
CWE-937
CWE-937
CWE-1035
CWE-1035
CWE-1284
Improper Validation of Specified Quantity in Input
CWE-1333
Inefficient Regular Expression Complexity
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden vari\u00ebren van 3.1 tot 9.8, wat wijst op een breed scala aan risico\u0027s, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2025-10-23T13:20:15.363063Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0330",
"initial_release_date": "2025-10-23T13:20:15.363063Z",
"revision_history": [
{
"date": "2025-10-23T13:20:15.363063Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications Cloud Native Core Console"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Management Cloud Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications Calendar Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Automated Test Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Binding Support Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Certificate Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core DBTier"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Repository Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Slice Selection Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Policy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Service Communication Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Unified Data Repository"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Converged Charging System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergent Charging Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Oracle Communications Diameter Signaling Router"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE Element Management System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE LNP Application Processor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Oracle Communications LSMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Oracle Communications Messaging Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Charging and Control"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "Oracle Communications Offline Mediation Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "Oracle Communications Service Catalog and Design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Operations Monitor"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26555",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26555 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-26555.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2023-26555"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-8006",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-8006"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-35164",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35164 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35164.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-35164"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-50609",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50609.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-50609"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-1948"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "description",
"text": "Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-3576 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3576.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-3576"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4373 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4802 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4802.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5399",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5399 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5399"
},
{
"cve": "CVE-2025-5889",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5889 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5889.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7339",
"cwe": {
"id": "CWE-241",
"name": "Improper Handling of Unexpected Data Type"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7339 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7339.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7339"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7425 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-7962",
"cwe": {
"id": "CWE-147",
"name": "Improper Neutralization of Input Terminators"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8058 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8058"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25724 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25724.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-25724"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications\u0027 Cloud Native Environment has a non-exploitable Security-in-Depth issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-27553",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27553 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27587",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "description",
"text": "OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27587 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27587"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32728 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS\u0027s certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle\u0027s flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53547",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53547 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53547.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53643 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53643.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54090",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "other",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54090 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54090.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-54090"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-57803",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-57803 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-57803"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-59375"
}
]
}
CERTFR-2025-AVI-0760
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | User Entity Behavior Analytics pour IBM QRadar SIEM versions antérieures à 5.0.1 | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à v5.2.1 | ||
| IBM | WebSphere | IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de sécurité APAR PH67137 et APAR PH67132 | ||
| IBM | WebSphere | Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty ART versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Cloud Pak for Applications versions 5.1 à 5.3 pour WebSphere Application Server Liberty sans les correctifs de sécurité APAR PH67132 et APAR PH67137 | ||
| IBM | WebSphere | Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalités jsonp sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité APAR PH67137, APAR PH67132, | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.2.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et APAR PH67132",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2016-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-30472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2023-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2021-3393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
},
{
"name": "CVE-2025-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2025-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
},
{
"name": "CVE-2025-36047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-33114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2019-9193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-37799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2023-26133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-56339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2022-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2023-52933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2022-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2024-6762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2018-1000873",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
},
{
"name": "CVE-2025-47287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2025-09-05T00:00:00",
"last_revision_date": "2025-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0760",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
"url": "https://www.ibm.com/support/pages/node/7243927"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
"url": "https://www.ibm.com/support/pages/node/7243923"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
"url": "https://www.ibm.com/support/pages/node/7243924"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
"url": "https://www.ibm.com/support/pages/node/7244012"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
"url": "https://www.ibm.com/support/pages/node/7243659"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
"url": "https://www.ibm.com/support/pages/node/7244002"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
"url": "https://www.ibm.com/support/pages/node/7243582"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
"url": "https://www.ibm.com/support/pages/node/7243928"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
"url": "https://www.ibm.com/support/pages/node/7243925"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
"url": "https://www.ibm.com/support/pages/node/7244010"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
"url": "https://www.ibm.com/support/pages/node/7243922"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
"url": "https://www.ibm.com/support/pages/node/7243673"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
"url": "https://www.ibm.com/support/pages/node/7243877"
}
]
}
CERTFR-2025-AVI-0585
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 8.1.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.30.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2022-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
},
{
"name": "CVE-2022-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2024-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
},
{
"name": "CVE-2021-25317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25317"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2022-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2022-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
},
{
"name": "CVE-2023-7216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7216"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2022-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2022-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
},
{
"name": "CVE-2022-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
},
{
"name": "CVE-2022-2889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2020-12413",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12413"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2022-3324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
},
{
"name": "CVE-2024-45306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2015-1197",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1197"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
},
{
"name": "CVE-2024-29040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
},
{
"name": "CVE-2017-1000383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000383"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2022-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2022-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
},
{
"name": "CVE-2022-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2021-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2022-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
},
{
"name": "CVE-2022-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2022-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2022-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
},
{
"name": "CVE-2022-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2022-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2022-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2022-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
},
{
"name": "CVE-2021-45261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45261"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2022-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
},
{
"name": "CVE-2022-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2023-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2022-4292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2022-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
},
{
"name": "CVE-2022-2129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-27151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27151"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2025-52968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52968"
},
{
"name": "CVE-2022-3037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2023-7207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7207"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2022-4141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
},
{
"name": "CVE-2022-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
}
],
"initial_release_date": "2025-07-11T00:00:00",
"last_revision_date": "2025-07-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35935",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35935"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35934",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35934"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35931",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35931"
}
]
}
CERTFR-2025-AVI-0693
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Valkey versions 8.1.x ant\u00e9rieures \u00e0 8.1.3",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2022-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
},
{
"name": "CVE-2022-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
},
{
"name": "CVE-2022-3324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
},
{
"name": "CVE-2022-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
},
{
"name": "CVE-2022-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2021-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2022-47007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
},
{
"name": "CVE-2022-47008",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
},
{
"name": "CVE-2022-47010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
},
{
"name": "CVE-2022-47011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2023-1579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1579"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2021-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
},
{
"name": "CVE-2022-2129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
},
{
"name": "CVE-2022-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
},
{
"name": "CVE-2022-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
},
{
"name": "CVE-2022-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
},
{
"name": "CVE-2022-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
},
{
"name": "CVE-2022-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2022-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
},
{
"name": "CVE-2022-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
},
{
"name": "CVE-2022-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
},
{
"name": "CVE-2022-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
},
{
"name": "CVE-2022-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
},
{
"name": "CVE-2022-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
},
{
"name": "CVE-2022-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
},
{
"name": "CVE-2022-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
},
{
"name": "CVE-2022-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
},
{
"name": "CVE-2022-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
},
{
"name": "CVE-2022-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
},
{
"name": "CVE-2022-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
},
{
"name": "CVE-2022-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
},
{
"name": "CVE-2022-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
},
{
"name": "CVE-2022-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2022-2889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2022-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2022-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
},
{
"name": "CVE-2022-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
},
{
"name": "CVE-2022-3037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
},
{
"name": "CVE-2022-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
},
{
"name": "CVE-2022-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
},
{
"name": "CVE-2022-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
},
{
"name": "CVE-2022-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
},
{
"name": "CVE-2022-4141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
},
{
"name": "CVE-2022-4292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2023-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2023-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2023-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
},
{
"name": "CVE-2024-29040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2024-45306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2021-20197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20197"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2021-45078",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
},
{
"name": "CVE-2023-2222",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2222"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2024-57360",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57360"
},
{
"name": "CVE-2025-1150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1150"
},
{
"name": "CVE-2025-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1151"
},
{
"name": "CVE-2025-1152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1152"
},
{
"name": "CVE-2025-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1153"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-3198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3198"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2025-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5245"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7545"
},
{
"name": "CVE-2025-7546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7546"
}
],
"initial_release_date": "2025-08-14T00:00:00",
"last_revision_date": "2025-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0693",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36036",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36036"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36035",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36035"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36038",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36038"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36037",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36037"
}
]
}
msrc_cve-2025-25724
Vulnerability from csaf_microsoft
Published
2025-03-02 00:00
Modified
2025-07-17 00:00
Summary
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25724 list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-25724.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"tracking": {
"current_release_date": "2025-07-17T00:00:00.000Z",
"generator": {
"date": "2025-10-20T03:02:47.303Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-25724",
"initial_release_date": "2025-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-03-19T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-04-09T00:00:00.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2025-07-17T00:00:00.000Z",
"legacy_version": "2.1",
"number": "3",
"summary": "Added libarchive to CBL-Mariner 2.0\nAdded libarchive to Azure Linux 3.0"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 libarchive 3.6.1-6",
"product": {
"name": "\u003ccbl2 libarchive 3.6.1-6",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 libarchive 3.6.1-6",
"product": {
"name": "cbl2 libarchive 3.6.1-6",
"product_id": "19704"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 libarchive 3.6.1-5",
"product": {
"name": "\u003ccbl2 libarchive 3.6.1-5",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 libarchive 3.6.1-5",
"product": {
"name": "cbl2 libarchive 3.6.1-5",
"product_id": "19366"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libarchive 3.7.7-2",
"product": {
"name": "\u003cazl3 libarchive 3.7.7-2",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 libarchive 3.7.7-2",
"product": {
"name": "azl3 libarchive 3.7.7-2",
"product_id": "19277"
}
}
],
"category": "product_name",
"name": "libarchive"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libarchive 3.6.1-6 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libarchive 3.6.1-6 as a component of CBL Mariner 2.0",
"product_id": "19704-17086"
},
"product_reference": "19704",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libarchive 3.6.1-5 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libarchive 3.6.1-5 as a component of CBL Mariner 2.0",
"product_id": "19366-17086"
},
"product_reference": "19366",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libarchive 3.7.7-2 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libarchive 3.7.7-2 as a component of Azure Linux 3.0",
"product_id": "19277-17084"
},
"product_reference": "19277",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19704-17086",
"19366-17086",
"19277-17084"
],
"known_affected": [
"17086-1",
"17086-2",
"17084-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25724 list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-25724.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-19T00:00:00.000Z",
"details": "3.6.1-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1",
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-03-19T00:00:00.000Z",
"details": "3.7.7-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"17086-1",
"17086-2",
"17084-3"
]
}
],
"title": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale."
}
]
}
opensuse-su-2025:14882-1
Vulnerability from csaf_opensuse
Published
2025-03-12 00:00
Modified
2025-03-12 00:00
Summary
bsdtar-3.7.7-3.1 on GA media
Notes
Title of the patch
bsdtar-3.7.7-3.1 on GA media
Description of the patch
These are all security issues fixed in the bsdtar-3.7.7-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14882
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "bsdtar-3.7.7-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the bsdtar-3.7.7-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14882",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14882-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14882-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VPBSF65DTMKEEGFEJY6QEGJSZY7TSKV/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14882-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VPBSF65DTMKEEGFEJY6QEGJSZY7TSKV/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1632 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25724/"
}
],
"title": "bsdtar-3.7.7-3.1 on GA media",
"tracking": {
"current_release_date": "2025-03-12T00:00:00Z",
"generator": {
"date": "2025-03-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14882-1",
"initial_release_date": "2025-03-12T00:00:00Z",
"revision_history": [
{
"date": "2025-03-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.7-3.1.aarch64",
"product": {
"name": "bsdtar-3.7.7-3.1.aarch64",
"product_id": "bsdtar-3.7.7-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.7-3.1.aarch64",
"product": {
"name": "libarchive-devel-3.7.7-3.1.aarch64",
"product_id": "libarchive-devel-3.7.7-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.7-3.1.aarch64",
"product": {
"name": "libarchive13-3.7.7-3.1.aarch64",
"product_id": "libarchive13-3.7.7-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.7-3.1.aarch64",
"product": {
"name": "libarchive13-32bit-3.7.7-3.1.aarch64",
"product_id": "libarchive13-32bit-3.7.7-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.7-3.1.ppc64le",
"product": {
"name": "bsdtar-3.7.7-3.1.ppc64le",
"product_id": "bsdtar-3.7.7-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.7-3.1.ppc64le",
"product": {
"name": "libarchive-devel-3.7.7-3.1.ppc64le",
"product_id": "libarchive-devel-3.7.7-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.7-3.1.ppc64le",
"product": {
"name": "libarchive13-3.7.7-3.1.ppc64le",
"product_id": "libarchive13-3.7.7-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.7-3.1.ppc64le",
"product": {
"name": "libarchive13-32bit-3.7.7-3.1.ppc64le",
"product_id": "libarchive13-32bit-3.7.7-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.7-3.1.s390x",
"product": {
"name": "bsdtar-3.7.7-3.1.s390x",
"product_id": "bsdtar-3.7.7-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.7-3.1.s390x",
"product": {
"name": "libarchive-devel-3.7.7-3.1.s390x",
"product_id": "libarchive-devel-3.7.7-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.7-3.1.s390x",
"product": {
"name": "libarchive13-3.7.7-3.1.s390x",
"product_id": "libarchive13-3.7.7-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.7-3.1.s390x",
"product": {
"name": "libarchive13-32bit-3.7.7-3.1.s390x",
"product_id": "libarchive13-32bit-3.7.7-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bsdtar-3.7.7-3.1.x86_64",
"product": {
"name": "bsdtar-3.7.7-3.1.x86_64",
"product_id": "bsdtar-3.7.7-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive-devel-3.7.7-3.1.x86_64",
"product": {
"name": "libarchive-devel-3.7.7-3.1.x86_64",
"product_id": "libarchive-devel-3.7.7-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-3.7.7-3.1.x86_64",
"product": {
"name": "libarchive13-3.7.7-3.1.x86_64",
"product_id": "libarchive13-3.7.7-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libarchive13-32bit-3.7.7-3.1.x86_64",
"product": {
"name": "libarchive13-32bit-3.7.7-3.1.x86_64",
"product_id": "libarchive13-32bit-3.7.7-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.7-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64"
},
"product_reference": "bsdtar-3.7.7-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.7-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le"
},
"product_reference": "bsdtar-3.7.7-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.7-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x"
},
"product_reference": "bsdtar-3.7.7-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bsdtar-3.7.7-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64"
},
"product_reference": "bsdtar-3.7.7-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.7-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64"
},
"product_reference": "libarchive-devel-3.7.7-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.7-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le"
},
"product_reference": "libarchive-devel-3.7.7-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.7-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x"
},
"product_reference": "libarchive-devel-3.7.7-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive-devel-3.7.7-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64"
},
"product_reference": "libarchive-devel-3.7.7-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.7-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64"
},
"product_reference": "libarchive13-3.7.7-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.7-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le"
},
"product_reference": "libarchive13-3.7.7-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.7-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x"
},
"product_reference": "libarchive13-3.7.7-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-3.7.7-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64"
},
"product_reference": "libarchive13-3.7.7-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.7-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64"
},
"product_reference": "libarchive13-32bit-3.7.7-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.7-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le"
},
"product_reference": "libarchive13-32bit-3.7.7-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.7-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x"
},
"product_reference": "libarchive13-32bit-3.7.7-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libarchive13-32bit-3.7.7-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
},
"product_reference": "libarchive13-32bit-3.7.7-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1632"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1632",
"url": "https://www.suse.com/security/cve/CVE-2025-1632"
},
{
"category": "external",
"summary": "SUSE Bug 1237606 for CVE-2025-1632",
"url": "https://bugzilla.suse.com/1237606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-1632"
},
{
"cve": "CVE-2025-25724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25724"
}
],
"notes": [
{
"category": "general",
"text": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25724",
"url": "https://www.suse.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "SUSE Bug 1238610 for CVE-2025-25724",
"url": "https://bugzilla.suse.com/1238610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:bsdtar-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive-devel-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-3.7.7-3.1.x86_64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.aarch64",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.ppc64le",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.s390x",
"openSUSE Tumbleweed:libarchive13-32bit-3.7.7-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-25724"
}
]
}
ghsa-722w-734r-qg74
Vulnerability from github
Published
2025-03-02 03:30
Modified
2025-03-02 03:30
Severity ?
VLAI Severity ?
Details
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
{
"affected": [],
"aliases": [
"CVE-2025-25724"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-02T02:15:36Z",
"severity": "MODERATE"
},
"details": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.",
"id": "GHSA-722w-734r-qg74",
"modified": "2025-03-02T03:30:31Z",
"published": "2025-03-02T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724"
},
{
"type": "WEB",
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"type": "WEB",
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"type": "WEB",
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
fkie_cve-2025-25724
Vulnerability from fkie_nvd
Published
2025-03-02 02:15
Modified
2025-07-17 15:56
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 | Third Party Advisory | |
| cve@mitre.org | https://github.com/Ekkosun/pocs/blob/main/bsdtarbug | Exploit | |
| cve@mitre.org | https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libarchive | libarchive | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF70A827-B7CB-4155-8FBC-73D52403367C",
"versionEndIncluding": "3.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale."
},
{
"lang": "es",
"value": "list_item_verbose en tar/util.c en libarchive hasta 3.7.7 no verifica un valor de retorno de strftime, lo que puede provocar una denegaci\u00f3n de servicio u otro impacto no especificado a trav\u00e9s de un archivo TAR manipulado que se lee con un valor verbose de 2. Por ejemplo, el b\u00fafer de 100 bytes puede no ser suficiente para una configuraci\u00f3n regional personalizada."
}
],
"id": "CVE-2025-25724",
"lastModified": "2025-07-17T15:56:36.083",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 2.5,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-02T02:15:36.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/Ekkosun/pocs/blob/main/bsdtarbug"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
wid-sec-w-2025-0469
Vulnerability from csaf_certbund
Published
2025-03-02 23:00
Modified
2025-07-23 22:00
Summary
libarchive: Schwachstelle ermöglicht Denial of Service und weitere nicht spezifizierte Angriffe
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libarchive ist eine C Bibliothek und ein Kommandozeilen-Tool zum Lesen und Bearbeiten von tar, cpio, zip, ISO und anderen Formaten.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in libarchive ausnutzen, um einen Denial of Service Angriff und weitere nicht spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "libarchive ist eine C Bibliothek und ein Kommandozeilen-Tool zum Lesen und Bearbeiten von tar, cpio, zip, ISO und anderen Formaten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in libarchive ausnutzen, um einen Denial of Service Angriff und weitere nicht spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0469 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0469.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0469 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0469"
},
{
"category": "external",
"summary": "Red Hat Bugtracker vom 2025-03-02",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349221"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2025-03-02",
"url": "https://github.com/advisories/GHSA-722w-734r-qg74"
},
{
"category": "external",
"summary": "Red Hat Security Errata",
"url": "https://access.redhat.com/security/cve/CVE-2025-25724"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14882-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2VPBSF65DTMKEEGFEJY6QEGJSZY7TSKV/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0986-1 vom 2025-03-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020576.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0985-1 vom 2025-03-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020577.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7454-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7454-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20257-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021061.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9420 vom 2025-06-24",
"url": "https://access.redhat.com/errata/RHSA-2025:9420"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-9431 vom 2025-06-25",
"url": "https://linux.oracle.com/errata/ELSA-2025-9431.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9431 vom 2025-06-24",
"url": "https://access.redhat.com/errata/RHSA-2025:9431"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-9420 vom 2025-06-30",
"url": "https://linux.oracle.com/errata/ELSA-2025-9420.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7240431 vom 2025-07-23",
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"source_lang": "en-US",
"title": "libarchive: Schwachstelle erm\u00f6glicht Denial of Service und weitere nicht spezifizierte Angriffe",
"tracking": {
"current_release_date": "2025-07-23T22:00:00.000+00:00",
"generator": {
"date": "2025-07-24T07:56:53.337+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0469",
"initial_release_date": "2025-03-02T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-03-23T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-23T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2025-06-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.7.7",
"product": {
"name": "Open Source libarchive 3.7.7",
"product_id": "T041392",
"product_identification_helper": {
"cpe": "cpe:/a:libarchive:libarchive:3.7.7"
}
}
}
],
"category": "product_name",
"name": "libarchive"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-25724",
"product_status": {
"known_affected": [
"T002207",
"T041392",
"67646",
"T000126",
"T027843",
"T004914",
"T021398"
]
},
"release_date": "2025-03-02T23:00:00.000+00:00",
"title": "CVE-2025-25724"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…