Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-5318 (GCVE-0-2025-5318)
Vulnerability from cvelistv5
Published
2025-06-24 14:10
Modified
2025-11-11 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T14:29:13.950274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T14:29:18.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.libssh.org/",
"defaultStatus": "unaffected",
"packageName": "libssh",
"versions": [
{
"lessThan": "0.11.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.11.1-4.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.11.1-4.el10_1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.6-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.6-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.0-4.el8_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.4-2.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.4-2.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.6-4.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.6-4.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.6-4.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_tus:8.8::baseos",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.6-13.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_tus:8.8::baseos",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.6-13.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.10.4-15.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.10.4-15.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.10.4-15.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.10.4-15.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9.6-3.el9_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.10.4-9.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.10.4-13.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "417.94.202510282022-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.19.9.6.202510281054-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.20.9.6.202510290321-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-gateway-opa-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.7.0",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-gateway-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.7.0",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-jaeger-query-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.7.0",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-query-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.7.0",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-rhel8",
"product": "Red Hat OpenShift distributed tracing 3.7.0",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"
],
"defaultStatus": "affected",
"packageName": "rhosdt/tempo-rhel8-operator",
"product": "Red Hat OpenShift distributed tracing 3.7.0",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Ronald Crane for reporting this issue."
}
],
"datePublic": "2025-06-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T20:32:33.422Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:18231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18231"
},
{
"name": "RHSA-2025:18275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18275"
},
{
"name": "RHSA-2025:18286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18286"
},
{
"name": "RHSA-2025:19012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19012"
},
{
"name": "RHSA-2025:19098",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19098"
},
{
"name": "RHSA-2025:19101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19101"
},
{
"name": "RHSA-2025:19295",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19295"
},
{
"name": "RHSA-2025:19300",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19300"
},
{
"name": "RHSA-2025:19313",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19313"
},
{
"name": "RHSA-2025:19400",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19400"
},
{
"name": "RHSA-2025:19401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19401"
},
{
"name": "RHSA-2025:19470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19470"
},
{
"name": "RHSA-2025:19472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19472"
},
{
"name": "RHSA-2025:19807",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19807"
},
{
"name": "RHSA-2025:20943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20943"
},
{
"name": "RHSA-2025:21013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21013"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"name": "RHBZ#2369131",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-29T06:48:59.169000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-06-24T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Libssh: out-of-bounds read in sftp_handle()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-5318",
"datePublished": "2025-06-24T14:10:07.188Z",
"dateReserved": "2025-05-29T07:01:42.703Z",
"dateUpdated": "2025-11-11T20:32:33.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-5318\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-06-24T14:15:30.523\",\"lastModified\":\"2025-11-11T21:15:39.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en la librer\u00eda libssh. Una lectura fuera de los l\u00edmites puede activarse en la funci\u00f3n sftp_handle debido a una comprobaci\u00f3n de comparaci\u00f3n incorrecta que permite que la funci\u00f3n acceda a memoria m\u00e1s all\u00e1 de la lista de manejadores v\u00e1lidos y devuelva un puntero no v\u00e1lido, que se utiliza en el procesamiento posterior. Esta vulnerabilidad permite que un atacante remoto autenticado lea regiones de memoria no deseadas, exponiendo informaci\u00f3n confidencial o afectando el comportamiento del servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.11.2\",\"matchCriteriaId\":\"6E05F605-6E29-4F09-96DF-A1E1B29D0C3C\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18231\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18275\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:18286\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19012\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19098\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19101\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19295\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19300\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19313\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19400\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19401\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19470\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19472\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:19807\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:20943\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:21013\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-5318\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2369131\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.libssh.org/security/advisories/CVE-2025-5318.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5318\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-24T14:29:13.950274Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-24T14:29:15.706Z\"}}], \"cna\": {\"title\": \"Libssh: out-of-bounds read in sftp_handle()\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Ronald Crane for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.11.2\", \"versionType\": \"semver\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://www.libssh.org/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.11.1-4.el10_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.11.1-4.el10_1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\", \"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.6-15.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\", \"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.6-15.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.2::appstream\", \"cpe:/o:redhat:rhel_aus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.0-4.el8_2.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/a:redhat:rhel_aus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.4-2.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/a:redhat:rhel_aus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.4-2.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.6-4.el8_6.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.6-4.el8_6.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.6-4.el8_6.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\", \"cpe:/a:redhat:rhel_e4s:8.8::appstream\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.6-13.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\", \"cpe:/a:redhat:rhel_e4s:8.8::appstream\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.6-13.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.10.4-15.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.10.4-15.el9_7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.10.4-15.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.10.4-15.el9_7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\", \"cpe:/o:redhat:rhel_e4s:9.0::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.9.6-3.el9_0.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\", \"cpe:/o:redhat:rhel_e4s:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.10.4-9.el9_2.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\", \"cpe:/o:redhat:rhel_eus:9.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:0.10.4-13.el9_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libssh\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"417.94.202510282022-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.19.9.6.202510281054-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.20::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.20\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.20.9.6.202510290321-0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.7.0\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/tempo-gateway-opa-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.7.0\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/tempo-gateway-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.7.0\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/tempo-jaeger-query-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.7.0\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/tempo-query-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.7.0\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/tempo-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.7::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.7.0\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhosdt/tempo-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-05-29T06:48:59.169000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-06-24T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-06-24T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:18231\", \"name\": \"RHSA-2025:18231\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18275\", \"name\": \"RHSA-2025:18275\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:18286\", \"name\": \"RHSA-2025:18286\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19012\", \"name\": \"RHSA-2025:19012\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19098\", \"name\": \"RHSA-2025:19098\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19101\", \"name\": \"RHSA-2025:19101\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19295\", \"name\": \"RHSA-2025:19295\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19300\", \"name\": \"RHSA-2025:19300\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19313\", \"name\": \"RHSA-2025:19313\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19400\", \"name\": \"RHSA-2025:19400\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19401\", \"name\": \"RHSA-2025:19401\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19470\", \"name\": \"RHSA-2025:19470\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19472\", \"name\": \"RHSA-2025:19472\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:19807\", \"name\": \"RHSA-2025:19807\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:20943\", \"name\": \"RHSA-2025:20943\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:21013\", \"name\": \"RHSA-2025:21013\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-5318\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2369131\", \"name\": \"RHBZ#2369131\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.libssh.org/security/advisories/CVE-2025-5318.txt\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-11T20:32:33.422Z\"}, \"x_redhatCweChain\": \"CWE-125: Out-of-bounds Read\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-5318\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-11T20:32:33.422Z\", \"dateReserved\": \"2025-05-29T07:01:42.703Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-06-24T14:10:07.188Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0756
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T | ||
| VMware | Tanzu | Tanzu for MySQL on Cloud Foundry versions antérieures à 10.0.2 | ||
| VMware | Tanzu | Java Buildpack versions antérieures à 4.84.0 | ||
| VMware | Tanzu | Stemcells pour Ubuntu Jammy Azure Light versions antérieures à 1.894 | ||
| VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 10.0.9 | ||
| VMware | Tanzu | Tanzu Scheduler versions antérieures à 2.0.20 | ||
| VMware | Tanzu | Spring Cloud Services for VMware Tanzu versions antérieures à 3.3.9 | ||
| VMware | Tanzu | Tanzu GemFire versions antérieures à 10.1.4 | ||
| VMware | Tanzu Operations Manager | Tanzu Operations Manager versions antérieures à 3.1.2 | ||
| VMware | Tanzu Platform | Tanzu Platform for Cloud Foundry isolation segment versions antérieures à 6.0.19+LTS-T | ||
| VMware | Tanzu | Single Sign-On for VMware Tanzu Application Service versions antérieures à 1.16.12 | ||
| VMware | Tanzu | Tanzu Hub versions antérieures à 10.2.1 | ||
| VMware | Tanzu | Stemcells pour Ubuntu Jammy versions antérieures à 1.894 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Platform for Cloud Foundry isolation segment 10.2.2+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for MySQL on Cloud Foundry versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.84.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells pour Ubuntu Jammy Azure Light versions ant\u00e9rieures \u00e0 1.894",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.0.9",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Scheduler versions ant\u00e9rieures \u00e0 2.0.20",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services for VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.9",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.1.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Operations Manager versions ant\u00e9rieures \u00e0 3.1.2",
"product": {
"name": "Tanzu Operations Manager",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform for Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.19+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On for VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.12",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells pour Ubuntu Jammy versions ant\u00e9rieures \u00e0 1.894",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2013-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1548"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2017-8046",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8046"
},
{
"name": "CVE-2018-3280",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3280"
},
{
"name": "CVE-2018-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3137"
},
{
"name": "CVE-2018-3285",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3285"
},
{
"name": "CVE-2018-3182",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3182"
},
{
"name": "CVE-2018-3186",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3186"
},
{
"name": "CVE-2018-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3195"
},
{
"name": "CVE-2018-3286",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3286"
},
{
"name": "CVE-2018-3170",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3170"
},
{
"name": "CVE-2018-3279",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3279"
},
{
"name": "CVE-2018-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3212"
},
{
"name": "CVE-2018-3203",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3203"
},
{
"name": "CVE-2018-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3145"
},
{
"name": "CVE-2019-2530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2530"
},
{
"name": "CVE-2019-2436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2436"
},
{
"name": "CVE-2019-2539",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2539"
},
{
"name": "CVE-2019-2494",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2494"
},
{
"name": "CVE-2019-2535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2535"
},
{
"name": "CVE-2019-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2533"
},
{
"name": "CVE-2019-2495",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2495"
},
{
"name": "CVE-2019-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2513"
},
{
"name": "CVE-2019-2536",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2536"
},
{
"name": "CVE-2019-2502",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2502"
},
{
"name": "CVE-2019-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2634"
},
{
"name": "CVE-2019-2587",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2587"
},
{
"name": "CVE-2019-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2584"
},
{
"name": "CVE-2019-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2691"
},
{
"name": "CVE-2019-2606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2606"
},
{
"name": "CVE-2019-2630",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2630"
},
{
"name": "CVE-2019-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2624"
},
{
"name": "CVE-2019-2623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2623"
},
{
"name": "CVE-2019-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2695"
},
{
"name": "CVE-2019-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2596"
},
{
"name": "CVE-2019-2580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2580"
},
{
"name": "CVE-2019-2644",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2644"
},
{
"name": "CVE-2019-2681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2681"
},
{
"name": "CVE-2019-2617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2617"
},
{
"name": "CVE-2019-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2636"
},
{
"name": "CVE-2019-2689",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2689"
},
{
"name": "CVE-2019-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2693"
},
{
"name": "CVE-2019-2593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2593"
},
{
"name": "CVE-2019-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2625"
},
{
"name": "CVE-2019-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2585"
},
{
"name": "CVE-2019-2631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2631"
},
{
"name": "CVE-2019-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2694"
},
{
"name": "CVE-2019-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2620"
},
{
"name": "CVE-2019-2688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2688"
},
{
"name": "CVE-2019-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2589"
},
{
"name": "CVE-2019-2635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2635"
},
{
"name": "CVE-2019-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2626"
},
{
"name": "CVE-2019-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2686"
},
{
"name": "CVE-2019-2685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2685"
},
{
"name": "CVE-2019-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2687"
},
{
"name": "CVE-2019-2607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2607"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2019-2811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2811"
},
{
"name": "CVE-2019-2740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2740"
},
{
"name": "CVE-2019-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2879"
},
{
"name": "CVE-2019-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2808"
},
{
"name": "CVE-2019-2738",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2738"
},
{
"name": "CVE-2019-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2819"
},
{
"name": "CVE-2019-2737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2737"
},
{
"name": "CVE-2019-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2814"
},
{
"name": "CVE-2019-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2778"
},
{
"name": "CVE-2019-2822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2822"
},
{
"name": "CVE-2019-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2802"
},
{
"name": "CVE-2019-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2803"
},
{
"name": "CVE-2019-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2752"
},
{
"name": "CVE-2019-2826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2826"
},
{
"name": "CVE-2019-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2784"
},
{
"name": "CVE-2019-2789",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2789"
},
{
"name": "CVE-2019-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2801"
},
{
"name": "CVE-2019-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2791"
},
{
"name": "CVE-2019-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2798"
},
{
"name": "CVE-2019-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2796"
},
{
"name": "CVE-2019-2815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2815"
},
{
"name": "CVE-2019-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2810"
},
{
"name": "CVE-2019-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2780"
},
{
"name": "CVE-2019-2758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2758"
},
{
"name": "CVE-2019-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2757"
},
{
"name": "CVE-2019-2785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2785"
},
{
"name": "CVE-2019-2747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2747"
},
{
"name": "CVE-2019-2741",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2741"
},
{
"name": "CVE-2019-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2830"
},
{
"name": "CVE-2019-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2834"
},
{
"name": "CVE-2019-2743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2743"
},
{
"name": "CVE-2019-2739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2739"
},
{
"name": "CVE-2019-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2805"
},
{
"name": "CVE-2019-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2797"
},
{
"name": "CVE-2019-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2774"
},
{
"name": "CVE-2019-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2795"
},
{
"name": "CVE-2019-2746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2746"
},
{
"name": "CVE-2019-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2812"
},
{
"name": "CVE-2019-2924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2924"
},
{
"name": "CVE-2019-2914",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2914"
},
{
"name": "CVE-2019-2960",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2960"
},
{
"name": "CVE-2019-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2923"
},
{
"name": "CVE-2019-2968",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2968"
},
{
"name": "CVE-2019-2993",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2993"
},
{
"name": "CVE-2019-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3009"
},
{
"name": "CVE-2019-2969",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2969"
},
{
"name": "CVE-2019-3011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3011"
},
{
"name": "CVE-2019-2967",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2967"
},
{
"name": "CVE-2019-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2946"
},
{
"name": "CVE-2019-2966",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2966"
},
{
"name": "CVE-2019-2957",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2957"
},
{
"name": "CVE-2019-2948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2948"
},
{
"name": "CVE-2019-2922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2922"
},
{
"name": "CVE-2019-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3004"
},
{
"name": "CVE-2019-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2998"
},
{
"name": "CVE-2019-2911",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2911"
},
{
"name": "CVE-2019-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2950"
},
{
"name": "CVE-2019-2910",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2910"
},
{
"name": "CVE-2019-3018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3018"
},
{
"name": "CVE-2019-2974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2974"
},
{
"name": "CVE-2019-2991",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2991"
},
{
"name": "CVE-2019-2997",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2997"
},
{
"name": "CVE-2019-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2938"
},
{
"name": "CVE-2019-3003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3003"
},
{
"name": "CVE-2019-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2982"
},
{
"name": "CVE-2019-2963",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2963"
},
{
"name": "CVE-2020-2579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2579"
},
{
"name": "CVE-2020-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2584"
},
{
"name": "CVE-2020-2577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2577"
},
{
"name": "CVE-2020-2679",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2679"
},
{
"name": "CVE-2020-2570",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2570"
},
{
"name": "CVE-2020-2572",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2572"
},
{
"name": "CVE-2020-2627",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2627"
},
{
"name": "CVE-2020-2660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2660"
},
{
"name": "CVE-2020-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2589"
},
{
"name": "CVE-2020-2573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2573"
},
{
"name": "CVE-2020-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2686"
},
{
"name": "CVE-2020-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2694"
},
{
"name": "CVE-2020-2574",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2574"
},
{
"name": "CVE-2020-2770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2770"
},
{
"name": "CVE-2020-2925",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2925"
},
{
"name": "CVE-2020-2853",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2853"
},
{
"name": "CVE-2020-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2774"
},
{
"name": "CVE-2020-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2928"
},
{
"name": "CVE-2020-2897",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2897"
},
{
"name": "CVE-2020-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2812"
},
{
"name": "CVE-2020-2765",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2765"
},
{
"name": "CVE-2020-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2761"
},
{
"name": "CVE-2020-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2790"
},
{
"name": "CVE-2020-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2752"
},
{
"name": "CVE-2020-2904",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2904"
},
{
"name": "CVE-2020-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2893"
},
{
"name": "CVE-2020-2760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2760"
},
{
"name": "CVE-2020-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2780"
},
{
"name": "CVE-2020-2903",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2903"
},
{
"name": "CVE-2020-2924",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2924"
},
{
"name": "CVE-2020-2806",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2806"
},
{
"name": "CVE-2020-2922",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2922"
},
{
"name": "CVE-2020-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2901"
},
{
"name": "CVE-2020-2926",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2926"
},
{
"name": "CVE-2020-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2923"
},
{
"name": "CVE-2020-2921",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2921"
},
{
"name": "CVE-2020-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2779"
},
{
"name": "CVE-2020-2892",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2892"
},
{
"name": "CVE-2020-2896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2896"
},
{
"name": "CVE-2020-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2804"
},
{
"name": "CVE-2020-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2895"
},
{
"name": "CVE-2020-2930",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2930"
},
{
"name": "CVE-2020-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2814"
},
{
"name": "CVE-2020-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2759"
},
{
"name": "CVE-2020-2763",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2763"
},
{
"name": "CVE-2020-14550",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14550"
},
{
"name": "CVE-2020-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14567"
},
{
"name": "CVE-2020-14559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14559"
},
{
"name": "CVE-2020-14576",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14576"
},
{
"name": "CVE-2020-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14540"
},
{
"name": "CVE-2020-14547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14547"
},
{
"name": "CVE-2020-14553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14553"
},
{
"name": "CVE-2020-14539",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14539"
},
{
"name": "CVE-2020-14845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14845"
},
{
"name": "CVE-2020-14799",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14799"
},
{
"name": "CVE-2020-14793",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14793"
},
{
"name": "CVE-2020-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14888"
},
{
"name": "CVE-2020-14790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14790"
},
{
"name": "CVE-2020-14789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14789"
},
{
"name": "CVE-2020-14672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14672"
},
{
"name": "CVE-2020-14846",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14846"
},
{
"name": "CVE-2020-14771",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14771"
},
{
"name": "CVE-2020-14873",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14873"
},
{
"name": "CVE-2020-14791",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14791"
},
{
"name": "CVE-2020-14769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14769"
},
{
"name": "CVE-2020-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14844"
},
{
"name": "CVE-2020-14809",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14809"
},
{
"name": "CVE-2020-14860",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14860"
},
{
"name": "CVE-2020-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14866"
},
{
"name": "CVE-2020-14861",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14861"
},
{
"name": "CVE-2020-14773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14773"
},
{
"name": "CVE-2020-14776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14776"
},
{
"name": "CVE-2020-14852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14852"
},
{
"name": "CVE-2020-14760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14760"
},
{
"name": "CVE-2020-14870",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14870"
},
{
"name": "CVE-2020-14837",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14837"
},
{
"name": "CVE-2020-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14893"
},
{
"name": "CVE-2020-14836",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14836"
},
{
"name": "CVE-2020-14829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14829"
},
{
"name": "CVE-2020-14868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14868"
},
{
"name": "CVE-2020-14827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14827"
},
{
"name": "CVE-2020-14839",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14839"
},
{
"name": "CVE-2020-14777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14777"
},
{
"name": "CVE-2020-14812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14812"
},
{
"name": "CVE-2020-14775",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14775"
},
{
"name": "CVE-2020-14838",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14838"
},
{
"name": "CVE-2020-14869",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14869"
},
{
"name": "CVE-2020-14765",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14765"
},
{
"name": "CVE-2020-14814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14814"
},
{
"name": "CVE-2020-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14821"
},
{
"name": "CVE-2020-14830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14830"
},
{
"name": "CVE-2020-14828",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14828"
},
{
"name": "CVE-2020-14804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14804"
},
{
"name": "CVE-2020-14800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14800"
},
{
"name": "CVE-2020-14891",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14891"
},
{
"name": "CVE-2020-14848",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14848"
},
{
"name": "CVE-2020-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14867"
},
{
"name": "CVE-2020-14785",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14785"
},
{
"name": "CVE-2020-14794",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14794"
},
{
"name": "CVE-2020-14786",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14786"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2010",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2010"
},
{
"name": "CVE-2021-2001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2001"
},
{
"name": "CVE-2021-2060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2060"
},
{
"name": "CVE-2021-2014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2014"
},
{
"name": "CVE-2021-2032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2032"
},
{
"name": "CVE-2021-2036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2036"
},
{
"name": "CVE-2021-2007",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2007"
},
{
"name": "CVE-2021-2011",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2011"
},
{
"name": "CVE-2021-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2022"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2021-2308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2308"
},
{
"name": "CVE-2021-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2213"
},
{
"name": "CVE-2021-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2172"
},
{
"name": "CVE-2021-2293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2293"
},
{
"name": "CVE-2021-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2208"
},
{
"name": "CVE-2021-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2196"
},
{
"name": "CVE-2021-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
},
{
"name": "CVE-2021-2298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2298"
},
{
"name": "CVE-2021-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
},
{
"name": "CVE-2021-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
},
{
"name": "CVE-2021-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
},
{
"name": "CVE-2021-2217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2217"
},
{
"name": "CVE-2021-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
},
{
"name": "CVE-2021-2203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2203"
},
{
"name": "CVE-2021-2144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
},
{
"name": "CVE-2021-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
},
{
"name": "CVE-2021-2232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2232"
},
{
"name": "CVE-2021-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
},
{
"name": "CVE-2021-2301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2301"
},
{
"name": "CVE-2021-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
},
{
"name": "CVE-2021-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
},
{
"name": "CVE-2021-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
},
{
"name": "CVE-2021-2154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
},
{
"name": "CVE-2021-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2193"
},
{
"name": "CVE-2021-2300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2300"
},
{
"name": "CVE-2021-2299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2299"
},
{
"name": "CVE-2021-2212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2212"
},
{
"name": "CVE-2021-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
},
{
"name": "CVE-2021-2146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
},
{
"name": "CVE-2021-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2230"
},
{
"name": "CVE-2021-2278",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2278"
},
{
"name": "CVE-2021-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2164"
},
{
"name": "CVE-2021-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2201"
},
{
"name": "CVE-2021-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2170"
},
{
"name": "CVE-2021-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2304"
},
{
"name": "CVE-2021-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
},
{
"name": "CVE-2021-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
},
{
"name": "CVE-2021-2305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2305"
},
{
"name": "CVE-2021-2215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2215"
},
{
"name": "CVE-2021-25214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2021-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2370"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2021-2444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2444"
},
{
"name": "CVE-2021-2429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2429"
},
{
"name": "CVE-2021-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2426"
},
{
"name": "CVE-2021-2427",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2427"
},
{
"name": "CVE-2021-2339",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2339"
},
{
"name": "CVE-2021-2425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2425"
},
{
"name": "CVE-2021-2387",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2387"
},
{
"name": "CVE-2021-2383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2383"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2021-2399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2399"
},
{
"name": "CVE-2021-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2384"
},
{
"name": "CVE-2021-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2412"
},
{
"name": "CVE-2021-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2441"
},
{
"name": "CVE-2021-2410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2410"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2021-2437",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2437"
},
{
"name": "CVE-2021-2417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2417"
},
{
"name": "CVE-2021-2424",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2424"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2021-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2357"
},
{
"name": "CVE-2021-2352",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2352"
},
{
"name": "CVE-2021-2402",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2402"
},
{
"name": "CVE-2021-2440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2440"
},
{
"name": "CVE-2021-2340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2340"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2021-2374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2374"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2021-2411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2411"
},
{
"name": "CVE-2021-2418",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2418"
},
{
"name": "CVE-2021-2367",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2367"
},
{
"name": "CVE-2021-2354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2354"
},
{
"name": "CVE-2021-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2422"
},
{
"name": "CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"name": "CVE-2020-12723",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2021-35640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35640"
},
{
"name": "CVE-2021-35626",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35626"
},
{
"name": "CVE-2021-2478",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2478"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2021-35583",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35583"
},
{
"name": "CVE-2021-35628",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35628"
},
{
"name": "CVE-2021-35630",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35630"
},
{
"name": "CVE-2021-35644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35644"
},
{
"name": "CVE-2021-2479",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2479"
},
{
"name": "CVE-2021-35638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35638"
},
{
"name": "CVE-2021-35646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35646"
},
{
"name": "CVE-2021-35596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35596"
},
{
"name": "CVE-2021-35643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35643"
},
{
"name": "CVE-2021-35637",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35637"
},
{
"name": "CVE-2021-35623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35623"
},
{
"name": "CVE-2021-35632",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35632"
},
{
"name": "CVE-2021-35641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35641"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-35636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35636"
},
{
"name": "CVE-2021-35546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35546"
},
{
"name": "CVE-2021-35627",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35627"
},
{
"name": "CVE-2021-35625",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35625"
},
{
"name": "CVE-2021-35608",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35608"
},
{
"name": "CVE-2021-35597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35597"
},
{
"name": "CVE-2021-35537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35537"
},
{
"name": "CVE-2021-2481",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2481"
},
{
"name": "CVE-2021-35622",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35622"
},
{
"name": "CVE-2021-35610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35610"
},
{
"name": "CVE-2021-35633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35633"
},
{
"name": "CVE-2021-35634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35634"
},
{
"name": "CVE-2021-35629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35629"
},
{
"name": "CVE-2021-35631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35631"
},
{
"name": "CVE-2021-35645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35645"
},
{
"name": "CVE-2021-35647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35647"
},
{
"name": "CVE-2021-35612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35612"
},
{
"name": "CVE-2021-35639",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35639"
},
{
"name": "CVE-2021-35648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35648"
},
{
"name": "CVE-2021-35607",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35607"
},
{
"name": "CVE-2021-35602",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35602"
},
{
"name": "CVE-2021-35577",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35577"
},
{
"name": "CVE-2021-35642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35642"
},
{
"name": "CVE-2021-35575",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35575"
},
{
"name": "CVE-2021-35635",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35635"
},
{
"name": "CVE-2021-35591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35591"
},
{
"name": "CVE-2021-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25219"
},
{
"name": "CVE-2021-3875",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3875"
},
{
"name": "CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"name": "CVE-2022-21352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21352"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21254"
},
{
"name": "CVE-2022-21265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21265"
},
{
"name": "CVE-2022-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21348"
},
{
"name": "CVE-2022-21372",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2022-21368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21368"
},
{
"name": "CVE-2022-21339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21339"
},
{
"name": "CVE-2022-21264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21264"
},
{
"name": "CVE-2022-21297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21297"
},
{
"name": "CVE-2022-21379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21379"
},
{
"name": "CVE-2022-21253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21253"
},
{
"name": "CVE-2022-21301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21301"
},
{
"name": "CVE-2022-21378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21378"
},
{
"name": "CVE-2022-21370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21370"
},
{
"name": "CVE-2022-21302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21302"
},
{
"name": "CVE-2022-21249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21249"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21342"
},
{
"name": "CVE-2022-21362",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21362"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2022-21256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21256"
},
{
"name": "CVE-2022-21358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21358"
},
{
"name": "CVE-2022-21374",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21374"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-21418",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21418"
},
{
"name": "CVE-2022-21412",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21412"
},
{
"name": "CVE-2022-21437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21437"
},
{
"name": "CVE-2022-21478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21478"
},
{
"name": "CVE-2022-21479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21479"
},
{
"name": "CVE-2022-21438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21438"
},
{
"name": "CVE-2022-21440",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21440"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2022-21415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21415"
},
{
"name": "CVE-2022-21459",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21459"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2022-21414",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21414"
},
{
"name": "CVE-2022-21413",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21413"
},
{
"name": "CVE-2022-21436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21436"
},
{
"name": "CVE-2022-21435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21435"
},
{
"name": "CVE-2022-21462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21462"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2022-21457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21457"
},
{
"name": "CVE-2022-21425",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21425"
},
{
"name": "CVE-2022-21452",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21452"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2021-4122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4122"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2022-21525",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21525"
},
{
"name": "CVE-2022-21537",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21537"
},
{
"name": "CVE-2022-21455",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21455"
},
{
"name": "CVE-2022-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21534"
},
{
"name": "CVE-2022-21528",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21528"
},
{
"name": "CVE-2022-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21529"
},
{
"name": "CVE-2022-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21531"
},
{
"name": "CVE-2022-21515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21515"
},
{
"name": "CVE-2022-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21538"
},
{
"name": "CVE-2022-21527",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21527"
},
{
"name": "CVE-2022-21517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21517"
},
{
"name": "CVE-2022-21539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21539"
},
{
"name": "CVE-2022-21556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21556"
},
{
"name": "CVE-2022-21509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21509"
},
{
"name": "CVE-2022-21553",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21553"
},
{
"name": "CVE-2022-21530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21530"
},
{
"name": "CVE-2022-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21522"
},
{
"name": "CVE-2022-21547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21547"
},
{
"name": "CVE-2022-21569",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21569"
},
{
"name": "CVE-2022-21526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21526"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2022-0396",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0396"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2023-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
},
{
"name": "CVE-2023-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
},
{
"name": "CVE-2023-21879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
},
{
"name": "CVE-2023-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
},
{
"name": "CVE-2023-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
},
{
"name": "CVE-2023-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
},
{
"name": "CVE-2023-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
},
{
"name": "CVE-2023-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
},
{
"name": "CVE-2023-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
},
{
"name": "CVE-2023-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
},
{
"name": "CVE-2023-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
},
{
"name": "CVE-2023-21876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2023-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
},
{
"name": "CVE-2023-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
},
{
"name": "CVE-2023-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
},
{
"name": "CVE-2023-21865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
},
{
"name": "CVE-2023-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
},
{
"name": "CVE-2023-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
},
{
"name": "CVE-2023-21874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
},
{
"name": "CVE-2023-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2023-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"name": "CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-22053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22053"
},
{
"name": "CVE-2023-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22007"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2023-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22097"
},
{
"name": "CVE-2023-22084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
},
{
"name": "CVE-2023-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22026"
},
{
"name": "CVE-2023-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
},
{
"name": "CVE-2023-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22015"
},
{
"name": "CVE-2023-22103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22103"
},
{
"name": "CVE-2023-22068",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22068"
},
{
"name": "CVE-2023-22078",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22078"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-22059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22059"
},
{
"name": "CVE-2023-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22066"
},
{
"name": "CVE-2023-22114",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22114"
},
{
"name": "CVE-2023-22070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22070"
},
{
"name": "CVE-2023-22032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22032"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2021-20193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-47100",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47100"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2022-27772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27772"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-26686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26686"
},
{
"name": "CVE-2023-52572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52572"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2023-3138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2024-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26739"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2023-52757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
},
{
"name": "CVE-2024-35866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35866"
},
{
"name": "CVE-2024-35867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35867"
},
{
"name": "CVE-2024-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2024-21137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21137"
},
{
"name": "CVE-2024-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2024-36908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36908"
},
{
"name": "CVE-2024-27402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27402"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2022-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48893"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2023-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5841"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2023-6246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46751"
},
{
"name": "CVE-2024-46753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
},
{
"name": "CVE-2024-46774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46774"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2024-21193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21193"
},
{
"name": "CVE-2024-21194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21194"
},
{
"name": "CVE-2024-21196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21196"
},
{
"name": "CVE-2024-21197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21197"
},
{
"name": "CVE-2024-21198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21198"
},
{
"name": "CVE-2024-21199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21199"
},
{
"name": "CVE-2024-21201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21201"
},
{
"name": "CVE-2024-21207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21207"
},
{
"name": "CVE-2024-21209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21209"
},
{
"name": "CVE-2024-21212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21212"
},
{
"name": "CVE-2024-21213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21213"
},
{
"name": "CVE-2024-21219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21219"
},
{
"name": "CVE-2024-21236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21236"
},
{
"name": "CVE-2024-21239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21239"
},
{
"name": "CVE-2024-21241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21241"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-10487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10487"
},
{
"name": "CVE-2024-10458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10458"
},
{
"name": "CVE-2024-10459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10459"
},
{
"name": "CVE-2024-10460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10460"
},
{
"name": "CVE-2024-10461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10461"
},
{
"name": "CVE-2024-10462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10462"
},
{
"name": "CVE-2024-10463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10463"
},
{
"name": "CVE-2024-10464",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10464"
},
{
"name": "CVE-2024-10465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10465"
},
{
"name": "CVE-2024-10466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10466"
},
{
"name": "CVE-2024-10467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10467"
},
{
"name": "CVE-2024-10468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10468"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-46816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46816"
},
{
"name": "CVE-2024-11395",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11395"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-11691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11691"
},
{
"name": "CVE-2024-11692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11692"
},
{
"name": "CVE-2024-11693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11693"
},
{
"name": "CVE-2024-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11694"
},
{
"name": "CVE-2024-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11695"
},
{
"name": "CVE-2024-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11696"
},
{
"name": "CVE-2024-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11697"
},
{
"name": "CVE-2024-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11698"
},
{
"name": "CVE-2024-11699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11699"
},
{
"name": "CVE-2024-11700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11700"
},
{
"name": "CVE-2024-11701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11701"
},
{
"name": "CVE-2024-11702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11702"
},
{
"name": "CVE-2024-11703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11703"
},
{
"name": "CVE-2024-11704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11704"
},
{
"name": "CVE-2024-11705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11705"
},
{
"name": "CVE-2024-11706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11706"
},
{
"name": "CVE-2024-11708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11708"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2025-0237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0237"
},
{
"name": "CVE-2025-0238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0238"
},
{
"name": "CVE-2025-0239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0239"
},
{
"name": "CVE-2025-0240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0240"
},
{
"name": "CVE-2025-0241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0241"
},
{
"name": "CVE-2025-0242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0242"
},
{
"name": "CVE-2025-0243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0243"
},
{
"name": "CVE-2025-0245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0245"
},
{
"name": "CVE-2025-0247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0247"
},
{
"name": "CVE-2025-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0434"
},
{
"name": "CVE-2025-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0435"
},
{
"name": "CVE-2025-0436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0436"
},
{
"name": "CVE-2025-0437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0437"
},
{
"name": "CVE-2025-0438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0438"
},
{
"name": "CVE-2025-0439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0439"
},
{
"name": "CVE-2025-0440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0440"
},
{
"name": "CVE-2025-0441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0441"
},
{
"name": "CVE-2025-0442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0442"
},
{
"name": "CVE-2025-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0443"
},
{
"name": "CVE-2025-0446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0446"
},
{
"name": "CVE-2025-0447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0447"
},
{
"name": "CVE-2025-0448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0448"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-0612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0612"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0444"
},
{
"name": "CVE-2025-0445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0445"
},
{
"name": "CVE-2025-0451",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0451"
},
{
"name": "CVE-2025-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0762"
},
{
"name": "CVE-2025-1009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1009"
},
{
"name": "CVE-2025-1010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1010"
},
{
"name": "CVE-2025-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1011"
},
{
"name": "CVE-2025-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1012"
},
{
"name": "CVE-2025-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1013"
},
{
"name": "CVE-2025-1014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1014"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2025-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1016"
},
{
"name": "CVE-2025-1017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1017"
},
{
"name": "CVE-2025-1018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1018"
},
{
"name": "CVE-2025-1019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1019"
},
{
"name": "CVE-2025-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1020"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2025-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0995"
},
{
"name": "CVE-2025-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0996"
},
{
"name": "CVE-2025-0997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0997"
},
{
"name": "CVE-2025-0998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0998"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-1414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1414"
},
{
"name": "CVE-2025-0999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0999"
},
{
"name": "CVE-2025-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1006"
},
{
"name": "CVE-2025-1426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1426"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2023-39017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-1914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1914"
},
{
"name": "CVE-2025-1915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1915"
},
{
"name": "CVE-2025-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1916"
},
{
"name": "CVE-2025-1917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1917"
},
{
"name": "CVE-2025-1918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1918"
},
{
"name": "CVE-2025-1919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1919"
},
{
"name": "CVE-2025-1921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1921"
},
{
"name": "CVE-2025-1922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1922"
},
{
"name": "CVE-2025-1923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1923"
},
{
"name": "CVE-2025-1930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1930"
},
{
"name": "CVE-2025-1931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1931"
},
{
"name": "CVE-2025-1932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1932"
},
{
"name": "CVE-2025-1933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1933"
},
{
"name": "CVE-2025-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1934"
},
{
"name": "CVE-2025-1935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1935"
},
{
"name": "CVE-2025-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1936"
},
{
"name": "CVE-2025-1937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1937"
},
{
"name": "CVE-2025-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1938"
},
{
"name": "CVE-2025-1939",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1939"
},
{
"name": "CVE-2025-1940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1940"
},
{
"name": "CVE-2025-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1941"
},
{
"name": "CVE-2025-1942",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1942"
},
{
"name": "CVE-2025-1943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1943"
},
{
"name": "CVE-2025-1920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
},
{
"name": "CVE-2025-2135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
},
{
"name": "CVE-2025-2136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
},
{
"name": "CVE-2025-2137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-45772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45772"
},
{
"name": "CVE-2025-2476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
},
{
"name": "CVE-2025-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2857"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-2783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
},
{
"name": "CVE-2022-49063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49063"
},
{
"name": "CVE-2022-49535",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49535"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2025-3066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3066"
},
{
"name": "CVE-2025-3067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3067"
},
{
"name": "CVE-2025-3068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3068"
},
{
"name": "CVE-2025-3071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3071"
},
{
"name": "CVE-2025-3072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3072"
},
{
"name": "CVE-2025-3073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3073"
},
{
"name": "CVE-2025-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3074"
},
{
"name": "CVE-2025-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3028"
},
{
"name": "CVE-2025-3029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3029"
},
{
"name": "CVE-2025-3030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3030"
},
{
"name": "CVE-2025-3031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3031"
},
{
"name": "CVE-2025-3032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3032"
},
{
"name": "CVE-2025-3033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3033"
},
{
"name": "CVE-2025-3034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3034"
},
{
"name": "CVE-2025-3035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3035"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2025-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3608"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-21588",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21588"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3619"
},
{
"name": "CVE-2025-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3620"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-4050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4050"
},
{
"name": "CVE-2025-4051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4051"
},
{
"name": "CVE-2025-4052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4052"
},
{
"name": "CVE-2025-4096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4096"
},
{
"name": "CVE-2025-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2817"
},
{
"name": "CVE-2025-4082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4082"
},
{
"name": "CVE-2025-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4083"
},
{
"name": "CVE-2025-4085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4085"
},
{
"name": "CVE-2025-4087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4087"
},
{
"name": "CVE-2025-4088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4088"
},
{
"name": "CVE-2025-4089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4089"
},
{
"name": "CVE-2025-4090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4090"
},
{
"name": "CVE-2025-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4091"
},
{
"name": "CVE-2025-4092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4092"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2024-46742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46742"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2025-22027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22027"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2025-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-37838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37838"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2025-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-29087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29087"
},
{
"name": "CVE-2025-3277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3277"
},
{
"name": "CVE-2025-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4609"
},
{
"name": "CVE-2025-4664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4664"
},
{
"name": "CVE-2025-4372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4372"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-4918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4918"
},
{
"name": "CVE-2025-4919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4919"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2025-5063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5063"
},
{
"name": "CVE-2025-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5064"
},
{
"name": "CVE-2025-5065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5065"
},
{
"name": "CVE-2025-5066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5066"
},
{
"name": "CVE-2025-5067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5067"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2025-22062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22062"
},
{
"name": "CVE-2025-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23145"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-5263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5263"
},
{
"name": "CVE-2025-5264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5264"
},
{
"name": "CVE-2025-5265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5265"
},
{
"name": "CVE-2025-5266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5266"
},
{
"name": "CVE-2025-5267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5267"
},
{
"name": "CVE-2025-5268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5268"
},
{
"name": "CVE-2025-5270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5270"
},
{
"name": "CVE-2025-5271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5271"
},
{
"name": "CVE-2025-5272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5272"
},
{
"name": "CVE-2025-5281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5281"
},
{
"name": "CVE-2025-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2025-23140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23140"
},
{
"name": "CVE-2025-23142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23142"
},
{
"name": "CVE-2025-23144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23144"
},
{
"name": "CVE-2025-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23146"
},
{
"name": "CVE-2025-23147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23147"
},
{
"name": "CVE-2025-23148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23148"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
},
{
"name": "CVE-2025-23151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23151"
},
{
"name": "CVE-2025-23156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23156"
},
{
"name": "CVE-2025-23157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23157"
},
{
"name": "CVE-2025-23158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23158"
},
{
"name": "CVE-2025-23159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23159"
},
{
"name": "CVE-2025-23161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23161"
},
{
"name": "CVE-2025-23163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23163"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2025-37739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37739"
},
{
"name": "CVE-2025-37740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37740"
},
{
"name": "CVE-2025-37741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37741"
},
{
"name": "CVE-2025-37742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37742"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2025-37757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37757"
},
{
"name": "CVE-2025-37758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37758"
},
{
"name": "CVE-2025-37765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37765"
},
{
"name": "CVE-2025-37766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37766"
},
{
"name": "CVE-2025-37767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37767"
},
{
"name": "CVE-2025-37768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37768"
},
{
"name": "CVE-2025-37770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37770"
},
{
"name": "CVE-2025-37771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37771"
},
{
"name": "CVE-2025-37773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37773"
},
{
"name": "CVE-2025-37780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37780"
},
{
"name": "CVE-2025-37781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37781"
},
{
"name": "CVE-2025-37787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37787"
},
{
"name": "CVE-2025-37788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37788"
},
{
"name": "CVE-2025-37789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37789"
},
{
"name": "CVE-2025-37790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37790"
},
{
"name": "CVE-2025-37792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37792"
},
{
"name": "CVE-2025-37794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37794"
},
{
"name": "CVE-2025-37796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37796"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-37803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37803"
},
{
"name": "CVE-2025-37805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37805"
},
{
"name": "CVE-2025-37808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37808"
},
{
"name": "CVE-2025-37810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37810"
},
{
"name": "CVE-2025-37811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37811"
},
{
"name": "CVE-2025-37812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37812"
},
{
"name": "CVE-2025-37817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37817"
},
{
"name": "CVE-2025-37823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37823"
},
{
"name": "CVE-2025-37824",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37824"
},
{
"name": "CVE-2025-37829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37829"
},
{
"name": "CVE-2025-37830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37830"
},
{
"name": "CVE-2025-37836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37836"
},
{
"name": "CVE-2025-37839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37839"
},
{
"name": "CVE-2025-37840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37840"
},
{
"name": "CVE-2025-37841",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37841"
},
{
"name": "CVE-2025-37844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37844"
},
{
"name": "CVE-2025-37850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37850"
},
{
"name": "CVE-2025-37851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37851"
},
{
"name": "CVE-2025-37857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37857"
},
{
"name": "CVE-2025-37858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37858"
},
{
"name": "CVE-2025-37859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37859"
},
{
"name": "CVE-2025-37862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37862"
},
{
"name": "CVE-2025-37867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37867"
},
{
"name": "CVE-2025-37871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37871"
},
{
"name": "CVE-2025-37875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37875"
},
{
"name": "CVE-2025-37881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37881"
},
{
"name": "CVE-2025-37883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37883"
},
{
"name": "CVE-2025-37885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37885"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2025-37892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37892"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2025-37940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37940"
},
{
"name": "CVE-2025-37982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37982"
},
{
"name": "CVE-2025-37983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37983"
},
{
"name": "CVE-2025-37985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37985"
},
{
"name": "CVE-2025-37989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37989"
},
{
"name": "CVE-2025-37819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37819"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-37905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37905"
},
{
"name": "CVE-2025-37909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37909"
},
{
"name": "CVE-2025-37911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37911"
},
{
"name": "CVE-2025-37912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37912"
},
{
"name": "CVE-2025-37913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37913"
},
{
"name": "CVE-2025-37914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37914"
},
{
"name": "CVE-2025-37915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37915"
},
{
"name": "CVE-2025-37923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37923"
},
{
"name": "CVE-2025-37927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37927"
},
{
"name": "CVE-2025-37930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37930"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
},
{
"name": "CVE-2025-37964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37964"
},
{
"name": "CVE-2025-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
},
{
"name": "CVE-2025-37969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
},
{
"name": "CVE-2025-37970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
},
{
"name": "CVE-2025-37990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37990"
},
{
"name": "CVE-2025-37991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37991"
},
{
"name": "CVE-2025-5068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5068"
},
{
"name": "CVE-2025-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5419"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2025-49709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49709"
},
{
"name": "CVE-2025-49710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49710"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2025-29088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29088"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-5958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5958"
},
{
"name": "CVE-2025-5959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5959"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-6191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6191"
},
{
"name": "CVE-2025-6192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6192"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2022-49168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49168"
},
{
"name": "CVE-2025-37998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
},
{
"name": "CVE-2023-42366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
},
{
"name": "CVE-2025-6424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6424"
},
{
"name": "CVE-2025-6425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6425"
},
{
"name": "CVE-2025-6426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6426"
},
{
"name": "CVE-2025-6427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6427"
},
{
"name": "CVE-2025-6429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6429"
},
{
"name": "CVE-2025-6430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6430"
},
{
"name": "CVE-2025-6432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6432"
},
{
"name": "CVE-2025-6433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6433"
},
{
"name": "CVE-2025-6434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6434"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2025-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6555"
},
{
"name": "CVE-2025-6556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6556"
},
{
"name": "CVE-2025-6557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6557"
},
{
"name": "CVE-2025-6435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6435"
},
{
"name": "CVE-2025-6436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6436"
},
{
"name": "CVE-2025-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6554"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-37992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
},
{
"name": "CVE-2025-37994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
},
{
"name": "CVE-2025-37995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
},
{
"name": "CVE-2025-38005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
},
{
"name": "CVE-2025-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
},
{
"name": "CVE-2025-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
},
{
"name": "CVE-2025-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-6558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
},
{
"name": "CVE-2025-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7656"
},
{
"name": "CVE-2025-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7657"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2022-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21546"
},
{
"name": "CVE-2020-16156",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
},
{
"name": "CVE-2025-8010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8010"
},
{
"name": "CVE-2025-8011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8011"
},
{
"name": "CVE-2025-8027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8027"
},
{
"name": "CVE-2025-8028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8028"
},
{
"name": "CVE-2025-8029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8029"
},
{
"name": "CVE-2025-8030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8030"
},
{
"name": "CVE-2025-8031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8031"
},
{
"name": "CVE-2025-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8032"
},
{
"name": "CVE-2025-8033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8033"
},
{
"name": "CVE-2025-8034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8034"
},
{
"name": "CVE-2025-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8035"
},
{
"name": "CVE-2025-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8036"
},
{
"name": "CVE-2025-8037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8037"
},
{
"name": "CVE-2025-8038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8038"
},
{
"name": "CVE-2025-8039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8039"
},
{
"name": "CVE-2025-8040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8040"
},
{
"name": "CVE-2025-8041",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8041"
},
{
"name": "CVE-2025-8043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8043"
},
{
"name": "CVE-2025-8044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8044"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2025-38094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-8292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8292"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-8576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8576"
},
{
"name": "CVE-2025-8577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8577"
},
{
"name": "CVE-2025-8578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8578"
},
{
"name": "CVE-2025-8579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8579"
},
{
"name": "CVE-2025-8580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8580"
},
{
"name": "CVE-2025-8581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8581"
},
{
"name": "CVE-2025-8582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8582"
},
{
"name": "CVE-2025-8583",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8583"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-8879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8879"
},
{
"name": "CVE-2025-8880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8880"
},
{
"name": "CVE-2025-8881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8881"
},
{
"name": "CVE-2025-8882",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8882"
},
{
"name": "CVE-2025-8901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8901"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2025-9132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9132"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2005-2541",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2541"
},
{
"name": "CVE-2008-5727",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5727"
},
{
"name": "CVE-2008-5728",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5728"
},
{
"name": "CVE-2008-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5729"
},
{
"name": "CVE-2008-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5730"
},
{
"name": "CVE-2008-5742",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5742"
},
{
"name": "CVE-2011-3374",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
},
{
"name": "CVE-2014-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
},
{
"name": "CVE-2015-2214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2214"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2016-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2149"
},
{
"name": "CVE-2016-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2160"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2017-12195",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12195"
},
{
"name": "CVE-2017-12629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2018-1000169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000169"
},
{
"name": "CVE-2018-1196",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1196"
},
{
"name": "CVE-2018-1273",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1273"
},
{
"name": "CVE-2019-10782",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10782"
},
{
"name": "CVE-2019-9658",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9658"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2021-20298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20298"
},
{
"name": "CVE-2021-20304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20304"
},
{
"name": "CVE-2021-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22055"
},
{
"name": "CVE-2021-23169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23169"
},
{
"name": "CVE-2021-3236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3236"
},
{
"name": "CVE-2022-0635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0635"
},
{
"name": "CVE-2022-0667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0667"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2022-39046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
},
{
"name": "CVE-2022-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
},
{
"name": "CVE-2022-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
},
{
"name": "CVE-2022-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
},
{
"name": "CVE-2022-44638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
},
{
"name": "CVE-2023-31437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
},
{
"name": "CVE-2023-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
},
{
"name": "CVE-2023-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
},
{
"name": "CVE-2023-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
},
{
"name": "CVE-2023-39810",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39810"
},
{
"name": "CVE-2023-4156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4156"
},
{
"name": "CVE-2023-4320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4320"
},
{
"name": "CVE-2023-43785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
},
{
"name": "CVE-2023-43786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
},
{
"name": "CVE-2023-43787",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
},
{
"name": "CVE-2023-46129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46129"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2023-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5189"
},
{
"name": "CVE-2024-11584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2024-22047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22047"
},
{
"name": "CVE-2024-2397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2397"
},
{
"name": "CVE-2024-26462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
},
{
"name": "CVE-2024-31047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31047"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2024-6174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
},
{
"name": "CVE-2024-7012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7012"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-26519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26519"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2025-6297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2025-8262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8262"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-9179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9179"
},
{
"name": "CVE-2025-9180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9180"
},
{
"name": "CVE-2025-9181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9181"
},
{
"name": "CVE-2025-9182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9182"
},
{
"name": "CVE-2025-9183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9183"
},
{
"name": "CVE-2025-9184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9184"
},
{
"name": "CVE-2025-9185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9185"
},
{
"name": "CVE-2025-9187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9187"
},
{
"name": "CVE-2025-9308",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9308"
}
],
"initial_release_date": "2025-09-05T00:00:00",
"last_revision_date": "2025-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0756",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36093",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36093"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36102",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36102"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36101",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36101"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36100",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36100"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36105",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36105"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36091",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36091"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36078",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36078"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36107",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36107"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36094",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36094"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36097",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36097"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-46",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36104"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36108",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36108"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36095",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36095"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-09",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36090"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36096",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36096"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36106",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36106"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36109",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36109"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36098",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36098"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-68",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36111"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36103",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36103"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36099",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36099"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36092",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36092"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36110",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36110"
}
]
}
CERTFR-2025-AVI-0907
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Enterprise Backup version 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Cluster version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Enterprise Backup version 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Cluster version 8.4.0 à 8.4.3 | ||
| Oracle | MySQL | MySQL Enterprise Backup version 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Cluster version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Cluster version 9.0.0 à 9.1.0 | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Server (Server: DML) version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Server (Server: DML) version 8.4.0 à 8.4.6 | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Cluster version 8.0.0 à 8.0.40 | ||
| Oracle | MySQL | MySQL Cluster version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 8.0.0 à 8.0.43 | ||
| Oracle | MySQL | MySQL Server (Server: DML) version 9.0.0 à 9.4.0 | ||
| Oracle | MySQL | MySQL Workbench version 8.0.0 à 8.0.43 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server (Server: Optimizer) version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.4.0 \u00e0 8.4.3",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 9.0.0 \u00e0 9.1.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DML) version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DML) version 8.4.0 \u00e0 8.4.6",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.0.0 \u00e0 8.0.40",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DML) version 9.0.0 \u00e0 9.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench version 8.0.0 \u00e0 8.0.43",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2025-5449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5449"
},
{
"name": "CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53067"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5351"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2025-5399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5399"
}
],
"initial_release_date": "2025-10-22T00:00:00",
"last_revision_date": "2025-10-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0907",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpuoct2025",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
]
}
CERTFR-2025-AVI-0622
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry Windows | ||
| VMware | N/A | Stemcells sans le dernier correctif de sécurité | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu | Anti-Virus sans le dernier correctif de sécurité pour Tanzu version 2.4.0 | ||
| VMware | Tanzu | Scheduler sans le dernier correctif de sécurité pour Tanzu version 2.0.19 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | GenAI sans le dernier correctif de sécurité pour Tanzu Platform pour Cloud Foundry version 10.2.1 | ||
| VMware | Tanzu Application Service | Tanzu Application Service versions antérieures à 1.16.11 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Services sans le dernier correctif de sécurité pour Tanzu version 3.3.8 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Data Flow sans le dernier correctif de sécurité pour Tanzu version 1.14.7 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Application Service | Single Sign-On sans le dernier correctif de sécurité pour Tanzu Application Service version 1.16.11 | ||
| VMware | Tanzu | File Integrity Monitoring sans le dernier correctif de sécurité pour Tanzu version 2.1.47 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Anti-Virus sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "GenAI sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Platform pour Cloud Foundry version 10.2.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 3.3.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 1.14.7",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Application Service version 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "File Integrity Monitoring sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.1.47",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-36617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2024-21012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2023-28756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2022-24769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-46753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2020-36843",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36843"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2025-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2025-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4575"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2022-29173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29173"
},
{
"name": "CVE-2022-35929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35929"
},
{
"name": "CVE-2022-36056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36056"
},
{
"name": "CVE-2022-36109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
},
{
"name": "CVE-2023-28755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28755"
},
{
"name": "CVE-2023-30551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30551"
},
{
"name": "CVE-2023-33199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33199"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2023-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46737"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2024-24579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24579"
},
{
"name": "CVE-2024-29902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29902"
},
{
"name": "CVE-2024-29903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29903"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2024-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52587"
},
{
"name": "CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-47290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47290"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
}
],
"initial_release_date": "2025-07-25T00:00:00",
"last_revision_date": "2025-07-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0622",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35981",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35981"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35967",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35967"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35980",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35980"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35974",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35974"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35979",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35979"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35984",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35984"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35970",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35970"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35983",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35983"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35978",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35978"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35968",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35968"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35973",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35973"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35976",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35976"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35969",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35969"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35966",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35966"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35972",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35972"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35977",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35977"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35982",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35982"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35971",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35971"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35975",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35975"
}
]
}
CERTFR-2025-AVI-0969
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | GenAI sur Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.90.x | ||
| VMware | Tanzu Kubernetes Runtime | NodeJS Buildpack versions antérieures à 1.8.58 | ||
| VMware | Tanzu Kubernetes Runtime | Python Buildpack versions antérieures à 1.8.63 | ||
| VMware | Tanzu Kubernetes Runtime | VMware Tanzu pour MySQL sur Tanzu Platform versions antérieures à 10.1.0 | ||
| VMware | Tanzu Kubernetes Runtime | API Gateway pour VMware Tanzu Platform versions antérieures à 2.4.0 | ||
| VMware | Tanzu Kubernetes Runtime | PHP Buildpack versions antérieures à 4.6.49 | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Platform versions antérieures à 1.16.14 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.915.x | ||
| VMware | Tanzu Application Service | CredHub Service Broker versions antérieures à 1.6.6 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.4+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.915.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry Windows versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Single Sign-On pour VMware Tanzu Application Service versions antérieures à 1.16.13 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.943.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 6.0.20+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.77.x | ||
| VMware | Services Suite | Platform Automation Toolkit versions antérieures à 5.3.2 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.906.x | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Data Flow pour VMware Tanzu versions antérieures à 1.14.9 | ||
| VMware | Tanzu Kubernetes Runtime | App Autoscaler CLI Plugin pour VMware Tanzu Platform versions antérieures à 250.5.9 | ||
| VMware | Tanzu Kubernetes Runtime | Spring Cloud Services pour VMware Tanzu versions antérieures à 3.3.10 | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Concourse pour VMware Tanzu versions antérieures à 7.14.1+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Platform pour Cloud Foundry isolation segment versions antérieures à 10.2.3+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Ruby Buildpack versions antérieures à 1.10.46 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.21+LTS-T | ||
| VMware | Tanzu Kubernetes Runtime | Telemetry pour VMware Tanzu Platform versions antérieures à 2.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.103.x | ||
| VMware | Tanzu Kubernetes Runtime | Tanzu Hub versions antérieures à 10.3.0 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.906.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GenAI sur Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.90.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.58",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Python Buildpack versions ant\u00e9rieures \u00e0 1.8.63",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour MySQL sur Tanzu Platform versions ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "API Gateway pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "PHP Buildpack versions ant\u00e9rieures \u00e0 4.6.49",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 1.16.14",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Service Broker versions ant\u00e9rieures \u00e0 1.6.6",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.4+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.915.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry Windows versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On pour VMware Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.13",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.943.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 6.0.20+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.77.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions ant\u00e9rieures \u00e0 5.3.2",
"product": {
"name": "Services Suite",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow pour VMware Tanzu versions ant\u00e9rieures \u00e0 1.14.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Autoscaler CLI Plugin pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 250.5.9",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services pour VMware Tanzu versions ant\u00e9rieures \u00e0 3.3.10",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Concourse pour VMware Tanzu versions ant\u00e9rieures \u00e0 7.14.1+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform pour Cloud Foundry isolation segment versions ant\u00e9rieures \u00e0 10.2.3+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Ruby Buildpack versions ant\u00e9rieures \u00e0 1.10.46",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.21+LTS-T",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telemetry pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.103.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Hub versions ant\u00e9rieures \u00e0 10.3.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.906.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-57981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57981"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2017-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3613"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2022-25308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25308"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-27102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27102"
},
{
"name": "CVE-2022-43236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43236"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2005-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0602"
},
{
"name": "CVE-2017-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6834"
},
{
"name": "CVE-2025-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22003"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3428"
},
{
"name": "CVE-2021-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3933"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-43237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43237"
},
{
"name": "CVE-2021-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23215"
},
{
"name": "CVE-2022-1115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1115"
},
{
"name": "CVE-2024-57994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57994"
},
{
"name": "CVE-2025-21798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21798"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2015-4789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4789"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21980"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-21889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21889"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-38328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38328"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2023-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3195"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2021-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20243"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21937"
},
{
"name": "CVE-2014-9157",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9157"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2024-58088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2011-3374",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3374"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2021-26260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26260"
},
{
"name": "CVE-2023-0922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0922"
},
{
"name": "CVE-2025-38100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38100"
},
{
"name": "CVE-2017-18250",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18250"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1372"
},
{
"name": "CVE-2025-40002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40002"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2025-8851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8851"
},
{
"name": "CVE-2024-58010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58010"
},
{
"name": "CVE-2025-38043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-57973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57973"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2001-1268",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1268"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22017"
},
{
"name": "CVE-2025-38108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38108"
},
{
"name": "CVE-2025-21783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21783"
},
{
"name": "CVE-2025-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38229"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-21786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2020-27769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27769"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2014-9748",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9748"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2014-8141",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8141"
},
{
"name": "CVE-2022-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1623"
},
{
"name": "CVE-2025-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21881"
},
{
"name": "CVE-2025-21951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21951"
},
{
"name": "CVE-2024-38829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38829"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2017-6831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6831"
},
{
"name": "CVE-2024-58034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58034"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2021-3997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3997"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2023-38471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38471"
},
{
"name": "CVE-2022-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
},
{
"name": "CVE-2020-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27776"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-21743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21743"
},
{
"name": "CVE-2025-38147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38147"
},
{
"name": "CVE-2023-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
},
{
"name": "CVE-2023-34475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34475"
},
{
"name": "CVE-2024-26896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26896"
},
{
"name": "CVE-2025-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38286"
},
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2024-24762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24762"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-3220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2021-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
},
{
"name": "CVE-2025-12380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12380"
},
{
"name": "CVE-2022-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42010"
},
{
"name": "CVE-2015-4787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4787"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2025-21847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
},
{
"name": "CVE-2022-2929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2929"
},
{
"name": "CVE-2018-15120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15120"
},
{
"name": "CVE-2024-58069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58069"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2016-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0682"
},
{
"name": "CVE-2025-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4287"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2025-21731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21731"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2021-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3605"
},
{
"name": "CVE-2025-38515",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38515"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8277"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2017-10928",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10928"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2025-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38163"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2017-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12429"
},
{
"name": "CVE-2025-38444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38444"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2023-2157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2157"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2024-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26700"
},
{
"name": "CVE-2024-58082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58082"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2025-55551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55551"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"name": "CVE-2023-48368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48368"
},
{
"name": "CVE-2014-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4715"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-38157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38157"
},
{
"name": "CVE-2023-24757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24757"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2022-31683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31683"
},
{
"name": "CVE-2020-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22218"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2015-4776",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4776"
},
{
"name": "CVE-2025-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21872"
},
{
"name": "CVE-2017-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3616"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2025-21922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21922"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2017-6832",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6832"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2024-45720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45720"
},
{
"name": "CVE-2022-1056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1056"
},
{
"name": "CVE-2018-10805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10805"
},
{
"name": "CVE-2019-19906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
},
{
"name": "CVE-2025-38219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38219"
},
{
"name": "CVE-2015-4785",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4785"
},
{
"name": "CVE-2025-38466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38466"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2020-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15095"
},
{
"name": "CVE-2018-16328",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16328"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-5745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5745"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2022-43239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43239"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2022-32546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32546"
},
{
"name": "CVE-2025-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0838"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2025-55553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55553"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-21796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-21691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21691"
},
{
"name": "CVE-2021-4219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4219"
},
{
"name": "CVE-2018-15798",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15798"
},
{
"name": "CVE-2025-55154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55154"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2017-11447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11447"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2023-39593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39593"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-46569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46569"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2018-14434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14434"
},
{
"name": "CVE-2019-6293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6293"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21738"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2023-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2602"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2021-3468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3468"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-58061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58061"
},
{
"name": "CVE-2025-46148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46148"
},
{
"name": "CVE-2024-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58058"
},
{
"name": "CVE-2025-21768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
},
{
"name": "CVE-2025-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"name": "CVE-2025-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2149"
},
{
"name": "CVE-2021-3502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3502"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2018-16329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16329"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58056"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-21725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21725"
},
{
"name": "CVE-2024-43790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43790"
},
{
"name": "CVE-2025-38313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38313"
},
{
"name": "CVE-2025-38336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38336"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2025-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22009"
},
{
"name": "CVE-2025-38061",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2025-21727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21727"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2015-4764",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4764"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-43240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43240"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2025-5987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38375"
},
{
"name": "CVE-2015-4779",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4779"
},
{
"name": "CVE-2021-20312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20312"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2025-21904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21904"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"name": "CVE-2024-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26726"
},
{
"name": "CVE-2023-52593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52593"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2023-26785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26785"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2020-14664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14664"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2024-57970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57970"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21929"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2025-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21735"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2025-3000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3000"
},
{
"name": "CVE-2022-3213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3213"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2021-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23177"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-38112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38112"
},
{
"name": "CVE-2025-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5878"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2024-58063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58063"
},
{
"name": "CVE-2015-4780",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4780"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2025-38500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38500"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-24293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24293"
},
{
"name": "CVE-2025-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8961"
},
{
"name": "CVE-2025-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21977"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2025-21779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21779"
},
{
"name": "CVE-2024-58005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58005"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2025-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21918"
},
{
"name": "CVE-2025-38203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38203"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2022-0909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0909"
},
{
"name": "CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"name": "CVE-2023-28154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2023-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38633"
},
{
"name": "CVE-2025-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21948"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2021-46312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46312"
},
{
"name": "CVE-2018-14628",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14628"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38476"
},
{
"name": "CVE-2019-6461",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6461"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2025-38004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2015-5262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5262"
},
{
"name": "CVE-2022-43244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43244"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2015-7696",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7696"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2025-38387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38387"
},
{
"name": "CVE-2023-45922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45922"
},
{
"name": "CVE-2015-4754",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4754"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-38362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38362"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-39046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39046"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2025-40004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40004"
},
{
"name": "CVE-2017-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7619"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2025-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"name": "CVE-2025-38371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38371"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2024-57982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57982"
},
{
"name": "CVE-2025-38445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38445"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-21746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21746"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-24070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24070"
},
{
"name": "CVE-2025-38461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
},
{
"name": "CVE-2019-17547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17547"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2021-36411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36411"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2018-10919",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10919"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2025-53014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53014"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2018-10804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10804"
},
{
"name": "CVE-2025-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38159"
},
{
"name": "CVE-2022-0907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0907"
},
{
"name": "CVE-2021-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2025-38066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-3670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3670"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2015-4790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4790"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2025-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2024-6174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6174"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2025-38305",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38305"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2025-38067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38067"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2025-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
},
{
"name": "CVE-2024-58054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58054"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
},
{
"name": "CVE-2022-28738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2015-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2624"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40364"
},
{
"name": "CVE-2023-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
},
{
"name": "CVE-2025-38068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
},
{
"name": "CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"name": "CVE-2013-2064",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2064"
},
{
"name": "CVE-2025-38401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38401"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2024-58070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58070"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2020-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25663"
},
{
"name": "CVE-2022-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
},
{
"name": "CVE-2025-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21914"
},
{
"name": "CVE-2024-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58057"
},
{
"name": "CVE-2025-0306",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0306"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-58007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58007"
},
{
"name": "CVE-2023-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1355"
},
{
"name": "CVE-2025-21995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21995"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37967"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2025-21915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21915"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-38102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38102"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2025-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
},
{
"name": "CVE-2015-2654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2654"
},
{
"name": "CVE-2025-55560",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55560"
},
{
"name": "CVE-2025-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"name": "CVE-2024-58018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58018"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2022-1210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1210"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2015-4778",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4778"
},
{
"name": "CVE-2023-42670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42670"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2024-58090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58090"
},
{
"name": "CVE-2025-59842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59842"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2024-27766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27766"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2025-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21714"
},
{
"name": "CVE-2024-58078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58078"
},
{
"name": "CVE-2023-32636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2025-38399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38399"
},
{
"name": "CVE-2025-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21972"
},
{
"name": "CVE-2025-38065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2024-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
},
{
"name": "CVE-2023-34153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34153"
},
{
"name": "CVE-2023-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3618"
},
{
"name": "CVE-2020-14153",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14153"
},
{
"name": "CVE-2022-1114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1114"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2025-38412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38412"
},
{
"name": "CVE-2025-38031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2011-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2207"
},
{
"name": "CVE-2025-54874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54874"
},
{
"name": "CVE-2017-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3617"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2025-38293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38293"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21830"
},
{
"name": "CVE-2018-12600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12600"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2023-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4154"
},
{
"name": "CVE-2025-38184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38184"
},
{
"name": "CVE-2017-3615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3615"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2025-9340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9340"
},
{
"name": "CVE-2023-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24758"
},
{
"name": "CVE-2025-55552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55552"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-61921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-27587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
},
{
"name": "CVE-2016-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7531"
},
{
"name": "CVE-2006-3082",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3082"
},
{
"name": "CVE-2023-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5341"
},
{
"name": "CVE-2025-8534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8534"
},
{
"name": "CVE-2025-21767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"name": "CVE-2025-3262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3262"
},
{
"name": "CVE-2025-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21986"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-0743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0743"
},
{
"name": "CVE-2025-21961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21961"
},
{
"name": "CVE-2025-38458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38458"
},
{
"name": "CVE-2025-6297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6297"
},
{
"name": "CVE-2016-10062",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10062"
},
{
"name": "CVE-2025-21764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
},
{
"name": "CVE-2024-57974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57974"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2023-34152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34152"
},
{
"name": "CVE-2022-43249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43249"
},
{
"name": "CVE-2025-38034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
},
{
"name": "CVE-2024-58085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58085"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2017-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3608"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-57996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"name": "CVE-2025-38135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38135"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2022-43242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43242"
},
{
"name": "CVE-2019-2708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
},
{
"name": "CVE-2025-38312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38312"
},
{
"name": "CVE-2016-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0692"
},
{
"name": "CVE-2019-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14844"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"name": "CVE-2025-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21946"
},
{
"name": "CVE-2025-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
},
{
"name": "CVE-2025-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21982"
},
{
"name": "CVE-2025-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
},
{
"name": "CVE-2023-46219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-21828",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21828"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
},
{
"name": "CVE-2025-38363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38363"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2025-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21936"
},
{
"name": "CVE-2022-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0865"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2025-38319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38319"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-58013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58013"
},
{
"name": "CVE-2022-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0529"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2016-7514",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7514"
},
{
"name": "CVE-2015-4782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4782"
},
{
"name": "CVE-2025-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21909"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2025-9092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9092"
},
{
"name": "CVE-2025-21766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"name": "CVE-2025-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38457"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2021-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3598"
},
{
"name": "CVE-2025-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21880"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2025-38212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38212"
},
{
"name": "CVE-2017-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3610"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-58266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58266"
},
{
"name": "CVE-2025-38298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38298"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-37974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37974"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2024-57834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57834"
},
{
"name": "CVE-2025-55197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55197"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55558"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2024-58017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58017"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-38078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
},
{
"name": "CVE-2025-21809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21809"
},
{
"name": "CVE-2025-38419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38419"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2021-32490",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32490"
},
{
"name": "CVE-2020-27768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27768"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2016-5118",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5118"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2023-46045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46045"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2015-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4788"
},
{
"name": "CVE-2025-55557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55557"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2022-24599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24599"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"name": "CVE-2025-2999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2999"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21910"
},
{
"name": "CVE-2021-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35452"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2020-10251",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10251"
},
{
"name": "CVE-2024-11584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11584"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2020-2981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2981"
},
{
"name": "CVE-2025-21745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21745"
},
{
"name": "CVE-2025-21791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
},
{
"name": "CVE-2020-18781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18781"
},
{
"name": "CVE-2025-7709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7709"
},
{
"name": "CVE-2024-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
},
{
"name": "CVE-2025-38077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
},
{
"name": "CVE-2025-38251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38251"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-38120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38120"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2025-38285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38285"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37750"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2025-21795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2025-38161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38161"
},
{
"name": "CVE-2025-9640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9640"
},
{
"name": "CVE-2022-1897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
},
{
"name": "CVE-2022-43248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43248"
},
{
"name": "CVE-2016-3418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3418"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2024-58081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58081"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-21814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21814"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2017-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6829"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2021-4214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4214"
},
{
"name": "CVE-2025-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21911"
},
{
"name": "CVE-2023-24752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24752"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-43245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43245"
},
{
"name": "CVE-2015-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2656"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2018-9133",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9133"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38115"
},
{
"name": "CVE-2025-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2025-21816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21816"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2021-36410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36410"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
},
{
"name": "CVE-2017-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3612"
},
{
"name": "CVE-2024-12705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12705"
},
{
"name": "CVE-2025-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38153"
},
{
"name": "CVE-2025-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31439"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-21776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
},
{
"name": "CVE-2024-58003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58003"
},
{
"name": "CVE-2025-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21917"
},
{
"name": "CVE-2025-21706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-55193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55193"
},
{
"name": "CVE-2025-38395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38395"
},
{
"name": "CVE-2023-29499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2022-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42011"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38337"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38727"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2024-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1013"
},
{
"name": "CVE-2022-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-30258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30258"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-38465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38465"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-38513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38513"
},
{
"name": "CVE-2025-21736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21736"
},
{
"name": "CVE-2025-21997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21997"
},
{
"name": "CVE-2025-21741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21741"
},
{
"name": "CVE-2020-18032",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18032"
},
{
"name": "CVE-2017-6833",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6833"
},
{
"name": "CVE-2025-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21808"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-58076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58076"
},
{
"name": "CVE-2023-24751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24751"
},
{
"name": "CVE-2025-21708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21708"
},
{
"name": "CVE-2015-4784",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4784"
},
{
"name": "CVE-2021-4048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4048"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21720"
},
{
"name": "CVE-2025-32463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32463"
},
{
"name": "CVE-2015-7747",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7747"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2025-55004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55004"
},
{
"name": "CVE-2014-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8139"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
},
{
"name": "CVE-2025-38441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38441"
},
{
"name": "CVE-2023-51767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2023-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38037"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2022-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2519"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21711"
},
{
"name": "CVE-2025-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2998"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2021-20313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20313"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-21978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21978"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2025-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
},
{
"name": "CVE-2023-45913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45913"
},
{
"name": "CVE-2018-13153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13153"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21947"
},
{
"name": "CVE-2025-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21913"
},
{
"name": "CVE-2023-34474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34474"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-38227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38227"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-58079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58079"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2021-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45931"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2021-28544",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28544"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2025-21734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21734"
},
{
"name": "CVE-2025-32728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32728"
},
{
"name": "CVE-2023-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2804"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2021-44964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44964"
},
{
"name": "CVE-2025-6141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
},
{
"name": "CVE-2022-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42012"
},
{
"name": "CVE-2018-14437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14437"
},
{
"name": "CVE-2024-13978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13978"
},
{
"name": "CVE-2025-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21890"
},
{
"name": "CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"name": "CVE-2021-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3596"
},
{
"name": "CVE-2025-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21916"
},
{
"name": "CVE-2025-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21925"
},
{
"name": "CVE-2024-57883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57883"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2017-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6830"
},
{
"name": "CVE-2025-21927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21927"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-21799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21799"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2015-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2626"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-21748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21748"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2021-46310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46310"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21883"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-38074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38074"
},
{
"name": "CVE-2024-58086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58086"
},
{
"name": "CVE-2025-38119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38119"
},
{
"name": "CVE-2025-38245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38245"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2025-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21898"
},
{
"name": "CVE-2020-14152",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14152"
},
{
"name": "CVE-2025-38324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38324"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2024-58051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58051"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2025-9390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9390"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2025-21857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
},
{
"name": "CVE-2019-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9904"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2022-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2025-9165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9165"
},
{
"name": "CVE-2023-1981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1981"
},
{
"name": "CVE-2023-30571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30571"
},
{
"name": "CVE-2022-2231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2231"
},
{
"name": "CVE-2025-46150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46150"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2025-21812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21812"
},
{
"name": "CVE-2015-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4781"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2025-38542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38542"
},
{
"name": "CVE-2025-38344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38344"
},
{
"name": "CVE-2023-28120",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28120"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2025-38088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38088"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2025-38332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38332"
},
{
"name": "CVE-2020-35492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35492"
},
{
"name": "CVE-2025-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21908"
},
{
"name": "CVE-2023-1289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1289"
},
{
"name": "CVE-2025-38386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38386"
},
{
"name": "CVE-2023-6349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2017-3605",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3605"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-23165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2025-9341",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9341"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-21895",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21895"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2018-16412",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16412"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2019-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6462"
},
{
"name": "CVE-2025-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21935"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2021-32493",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32493"
},
{
"name": "CVE-2023-24754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24754"
},
{
"name": "CVE-2020-29509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29509"
},
{
"name": "CVE-2023-5568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5568"
},
{
"name": "CVE-2023-38470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38470"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2025-38237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38237"
},
{
"name": "CVE-2025-38174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38174"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2025-6170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6170"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-58019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58019"
},
{
"name": "CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2025-21888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21888"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2025-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
},
{
"name": "CVE-2017-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3609"
},
{
"name": "CVE-2024-57990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57990"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2014-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9636"
},
{
"name": "CVE-2025-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5351"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2022-1622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
},
{
"name": "CVE-2017-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3611"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2022-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2521"
},
{
"name": "CVE-2023-49582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49582"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21976"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-57975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57975"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-32491",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32491"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2022-2309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-0924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0924"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2022-33068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33068"
},
{
"name": "CVE-2025-38342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38342"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-58068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58068"
},
{
"name": "CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"name": "CVE-2015-4777",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4777"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2025-38167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38167"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2024-57998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57998"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2025-38257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38257"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-38206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38206"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2023-47282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47282"
},
{
"name": "CVE-2016-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-20012"
},
{
"name": "CVE-2025-38111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38111"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2022-44638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44638"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2025-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21950"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2019-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3792"
},
{
"name": "CVE-2022-43235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43235"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2017-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3614"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22001"
},
{
"name": "CVE-2024-10524",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10524"
},
{
"name": "CVE-2025-40017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40017"
},
{
"name": "CVE-2023-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45919"
},
{
"name": "CVE-2025-38326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38326"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2018-15607",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15607"
},
{
"name": "CVE-2025-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21899"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-38384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38384"
},
{
"name": "CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"name": "CVE-2025-21719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21719"
},
{
"name": "CVE-2025-38424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38424"
},
{
"name": "CVE-2025-38430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38430"
},
{
"name": "CVE-2025-21718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21718"
},
{
"name": "CVE-2025-3001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3001"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-32545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32545"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2025-21820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21820"
},
{
"name": "CVE-2017-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6838"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-41817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41817"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58071"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-6835",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6835"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2025-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38420"
},
{
"name": "CVE-2021-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3521"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-21943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21943"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2024-57997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57997"
},
{
"name": "CVE-2025-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38160"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-31782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31782"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-38107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38107"
},
{
"name": "CVE-2025-32434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32434"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2025-38085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
},
{
"name": "CVE-2025-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21806"
},
{
"name": "CVE-2025-38222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38222"
},
{
"name": "CVE-2025-38197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38197"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2022-43253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43253"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2024-57977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2025-53019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53019"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-57952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57952"
},
{
"name": "CVE-2025-53367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53367"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2021-45942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45942"
},
{
"name": "CVE-2022-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1615"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2021-20246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20246"
},
{
"name": "CVE-2025-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21707"
},
{
"name": "CVE-2023-24755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24755"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-38467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38467"
},
{
"name": "CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"name": "CVE-2025-21804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21804"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2025-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
},
{
"name": "CVE-2017-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6837"
},
{
"name": "CVE-2014-9913",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9913"
},
{
"name": "CVE-2025-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21934"
},
{
"name": "CVE-2025-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2024-37407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37407"
},
{
"name": "CVE-2015-4775",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4775"
},
{
"name": "CVE-2025-22011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22011"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2022-43252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43252"
},
{
"name": "CVE-2023-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0614"
},
{
"name": "CVE-2016-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0694"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2024-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
},
{
"name": "CVE-2020-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21606"
},
{
"name": "CVE-2025-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2001-1269",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1269"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2025-38058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"name": "CVE-2023-20873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-38617",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38617"
},
{
"name": "CVE-2025-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
},
{
"name": "CVE-2023-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47169"
},
{
"name": "CVE-2025-38122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38122"
},
{
"name": "CVE-2025-21801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21801"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2015-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2583"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-38173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38173"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2025-2148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2148"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-38143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38143"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
},
{
"name": "CVE-2023-38469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38469"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2025-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
},
{
"name": "CVE-2025-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1365"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2023-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52970"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2016-5841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5841"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2025-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53101"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2022-44267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44267"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2015-4783",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4783"
},
{
"name": "CVE-2019-8321",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8321"
},
{
"name": "CVE-2025-21826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21826"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2015-4774",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4774"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-21750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21750"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2024-57924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"name": "CVE-2025-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21912"
},
{
"name": "CVE-2018-13440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13440"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2025-46393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46393"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2021-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0561"
},
{
"name": "CVE-2018-12599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12599"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2025-38416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38416"
},
{
"name": "CVE-2022-1587",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1587"
},
{
"name": "CVE-2025-21825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21825"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2022-0284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0284"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2024-58016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58016"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2025-21903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21903"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2025-38194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38194"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2023-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1667"
},
{
"name": "CVE-2022-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2953"
},
{
"name": "CVE-2022-43238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43238"
},
{
"name": "CVE-2025-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3121"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2024-20696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20696"
},
{
"name": "CVE-2025-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
},
{
"name": "CVE-2025-46149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46149"
},
{
"name": "CVE-2021-26945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26945"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2022-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3219"
},
{
"name": "CVE-2025-46152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46152"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2025-38348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38348"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2025-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
},
{
"name": "CVE-2025-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21885"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2025-21784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21784"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38540"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2022-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28463"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2025-21726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21726"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2018-3779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3779"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2024-27407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27407"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2024-58020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2022-28805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28805"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"name": "CVE-2017-3604",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3604"
},
{
"name": "CVE-2025-21723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21723"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2025-21802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21802"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2025-38146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38146"
},
{
"name": "CVE-2025-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21705"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2022-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1355"
},
{
"name": "CVE-2025-47291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47291"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2025-38418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38418"
},
{
"name": "CVE-2025-38090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38090"
},
{
"name": "CVE-2025-21721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21721"
},
{
"name": "CVE-2025-21810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21810"
},
{
"name": "CVE-2022-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2021-24031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24031"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2025-46153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46153"
},
{
"name": "CVE-2025-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21877"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2025-5994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5994"
},
{
"name": "CVE-2021-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38115"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2021-31879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31879"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2021-20309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20309"
},
{
"name": "CVE-2022-29217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29217"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38472"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2017-12643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12643"
},
{
"name": "CVE-2024-57953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57953"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2021-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26720"
},
{
"name": "CVE-2025-54801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54801"
},
{
"name": "CVE-2025-40909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21878"
},
{
"name": "CVE-2023-24756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24756"
},
{
"name": "CVE-2017-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3607"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2022-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2520"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-47874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-9403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9403"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2025-21739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21739"
},
{
"name": "CVE-2016-4074",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4074"
},
{
"name": "CVE-2024-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0746"
},
{
"name": "CVE-2025-21775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21775"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2022-33099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33099"
},
{
"name": "CVE-2023-45931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45931"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-38400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38400"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26775"
},
{
"name": "CVE-2022-25309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25309"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-38136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38136"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2025-55212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55212"
},
{
"name": "CVE-2022-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36087"
},
{
"name": "CVE-2022-32547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32547"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-26280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26280"
},
{
"name": "CVE-2025-37752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37752"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2022-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1354"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2025-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21873"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-38048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
},
{
"name": "CVE-2019-13147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13147"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2018-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11655"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2022-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2928"
},
{
"name": "CVE-2025-21765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2025-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38477"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-57803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57803"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
},
{
"name": "CVE-2023-31437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31437"
},
{
"name": "CVE-2023-47039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47039"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2023-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37769"
},
{
"name": "CVE-2025-21926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21926"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2020-29511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29511"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2015-7697",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7697"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21742"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-43243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43243"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2017-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16231"
},
{
"name": "CVE-2025-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38406"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21930"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
},
{
"name": "CVE-2017-9409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9409"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2025-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21892"
},
{
"name": "CVE-2024-58052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58052"
},
{
"name": "CVE-2025-21944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21944"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2016-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0689"
},
{
"name": "CVE-2025-38352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-54456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21920"
},
{
"name": "CVE-2025-55554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55554"
},
{
"name": "CVE-2024-43168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43168"
},
{
"name": "CVE-2014-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8140"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22016"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2021-45346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45346"
},
{
"name": "CVE-2025-37756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37756"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2025-38263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38263"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2024-46901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46901"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2025-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21955"
},
{
"name": "CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"name": "CVE-2025-21773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21773"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2025-38218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38218"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1352"
},
{
"name": "CVE-2024-43167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43167"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2018-1000035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000035"
},
{
"name": "CVE-2021-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40211"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-58001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58001"
},
{
"name": "CVE-2025-38393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38393"
},
{
"name": "CVE-2024-26256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26256"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2025-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38618"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2023-2283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2283"
},
{
"name": "CVE-2020-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0499"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3136"
},
{
"name": "CVE-2025-55160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55160"
},
{
"name": "CVE-2025-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21891"
},
{
"name": "CVE-2025-38249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38249"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2025-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22013"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2022-48703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48703"
},
{
"name": "CVE-2025-38154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38154"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30699"
},
{
"name": "CVE-2025-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21672"
},
{
"name": "CVE-2025-38389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38389"
},
{
"name": "CVE-2025-38448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38448"
},
{
"name": "CVE-2022-48281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48281"
},
{
"name": "CVE-2023-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2426"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2025-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1632"
},
{
"name": "CVE-2021-20176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20176"
},
{
"name": "CVE-2025-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21979"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2025-21821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2025-55298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55298"
},
{
"name": "CVE-2022-43241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43241"
},
{
"name": "CVE-2017-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3606"
},
{
"name": "CVE-2023-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52969"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-38377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38377"
},
{
"name": "CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"name": "CVE-2025-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21733"
},
{
"name": "CVE-2023-22656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22656"
},
{
"name": "CVE-2025-46551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46551"
},
{
"name": "CVE-2025-43965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43965"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2021-36408",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36408"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2023-39327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39327"
},
{
"name": "CVE-2017-18253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18253"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-26462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26462"
},
{
"name": "CVE-2024-58053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58053"
},
{
"name": "CVE-2025-38516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38516"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-38462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38462"
},
{
"name": "CVE-2025-38350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"name": "CVE-2025-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38428"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2018-13410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13410"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-38262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38262"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2025-38138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38138"
},
{
"name": "CVE-2021-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3610"
},
{
"name": "CVE-2024-58077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58077"
},
{
"name": "CVE-2025-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
},
{
"name": "CVE-2025-21754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21754"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2025-38035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21960"
},
{
"name": "CVE-2025-38310",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38310"
},
{
"name": "CVE-2025-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
},
{
"name": "CVE-2015-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4786"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2025-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
},
{
"name": "CVE-2022-43250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43250"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2025-38226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38226"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2023-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38473"
},
{
"name": "CVE-2025-38443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38443"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-52099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52099"
},
{
"name": "CVE-2023-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43887"
},
{
"name": "CVE-2025-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21967"
},
{
"name": "CVE-2025-7424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2021-24032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
},
{
"name": "CVE-2025-38439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38439"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2025-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41254"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-38145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38145"
},
{
"name": "CVE-2022-2598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2598"
},
{
"name": "CVE-2020-27829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27829"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-37948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2025-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
},
{
"name": "CVE-2025-21856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2022-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2509"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-21749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21749"
},
{
"name": "CVE-2017-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6839"
},
{
"name": "CVE-2023-1906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1906"
},
{
"name": "CVE-2025-40025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2023-47471",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47471"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2022-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1771"
},
{
"name": "CVE-2025-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21945"
},
{
"name": "CVE-2021-32492",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32492"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-55005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55005"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2025-38044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
},
{
"name": "CVE-2022-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1586"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2025-38498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
},
{
"name": "CVE-2025-40015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40015"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2025-21829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21829"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2024-57999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57999"
},
{
"name": "CVE-2018-16645",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16645"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2025-21969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21969"
},
{
"name": "CVE-2025-38200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38200"
},
{
"name": "CVE-2025-40007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40007"
},
{
"name": "CVE-2024-58072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58072"
},
{
"name": "CVE-2025-38273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38273"
},
{
"name": "CVE-2025-38346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38346"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2025-21722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21722"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-21793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21793"
},
{
"name": "CVE-2022-2719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2719"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2022-45873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45873"
},
{
"name": "CVE-2023-34151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34151"
},
{
"name": "CVE-2023-51384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
},
{
"name": "CVE-2021-43809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43809"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2015-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1606"
},
{
"name": "CVE-2025-21894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21894"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2023-3896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3896"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2025-21854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2020-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21599"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2023-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2023-39978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39978"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-38320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38320"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8177"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2024-58083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58083"
},
{
"name": "CVE-2021-20311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20311"
},
{
"name": "CVE-2024-58055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58055"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2024-57993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57993"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2023-6246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
},
{
"name": "CVE-2021-20241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20241"
},
{
"name": "CVE-2017-12674",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12674"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2025-62171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62171"
},
{
"name": "CVE-2025-38280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38280"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2025-50950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50950"
},
{
"name": "CVE-2020-21605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21605"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2025-38084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2017-1000476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000476"
},
{
"name": "CVE-2015-2640",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2640"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2015-8863",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8863"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2018-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11656"
},
{
"name": "CVE-2025-38103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38103"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2025-38514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38514"
},
{
"name": "CVE-2018-19876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19876"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2021-20310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20310"
},
{
"name": "CVE-2021-20245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20245"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2025-21732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21732"
},
{
"name": "CVE-2025-38569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38569"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2023-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22796"
},
{
"name": "CVE-2025-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21875"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2025-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38204"
},
{
"name": "CVE-2021-40812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40812"
},
{
"name": "CVE-2021-4217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4217"
},
{
"name": "CVE-2023-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32643"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2025-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22015"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2025-21832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21832"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2018-9135",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9135"
},
{
"name": "CVE-2025-38410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38410"
},
{
"name": "CVE-2025-21790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2021-39212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39212"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2024-58014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58014"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2017-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12433"
},
{
"name": "CVE-2025-21924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21924"
},
{
"name": "CVE-2021-3574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3574"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-58006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58006"
},
{
"name": "CVE-2025-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21710"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2025-22088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22088"
},
{
"name": "CVE-2025-38460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38460"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2025-38345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2025-21815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21815"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2017-6836",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6836"
},
{
"name": "CVE-2021-3500",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3500"
},
{
"name": "CVE-2022-25310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25310"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2021-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33621"
},
{
"name": "CVE-2025-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57807"
},
{
"name": "CVE-2025-38231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38231"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2025-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21716"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2024-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0567"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2024-58080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58080"
},
{
"name": "CVE-2025-21744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21744"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-32665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
},
{
"name": "CVE-2025-31498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31498"
},
{
"name": "CVE-2022-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30698"
},
{
"name": "CVE-2023-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31438"
},
{
"name": "CVE-2024-57986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57986"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2021-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20244"
},
{
"name": "CVE-2025-38181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38181"
},
{
"name": "CVE-2025-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
},
{
"name": "CVE-2025-38391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38391"
},
{
"name": "CVE-2025-11411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2016-9844",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9844"
},
{
"name": "CVE-2019-13136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13136"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2021-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36222"
},
{
"name": "CVE-2021-3941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3941"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2025-21811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21811"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-11-06T00:00:00",
"last_revision_date": "2025-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0969",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36320",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36320"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36423",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36423"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36364"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36351"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36424",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36424"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36412",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36412"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36388",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36388"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36426",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36426"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36411",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36411"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36357",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36357"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36408",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36408"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36349",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36349"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36414",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36414"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36397",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36397"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36389",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36389"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36398",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36398"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36380",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36380"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-41",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36407"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36362",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36362"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36413",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36413"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36384",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36384"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36379",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36379"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36400",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36400"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36377",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36377"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36368",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36368"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36418",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36418"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36420",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36420"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36391",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36391"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36392",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36392"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36353",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36353"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-14",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36356"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36422",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36422"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36381",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36381"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36421",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36421"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36416",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36416"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-86",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36415"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36403",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36403"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36347",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36347"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36383",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36383"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36410",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36410"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36352",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36352"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36394",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36394"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36354",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36354"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36399",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36399"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36350"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36419",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36419"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-85",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36401"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2022-19",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36365"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36405"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36367"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36395",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36395"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36387",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36387"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36363",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36363"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36385",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36385"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36409",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36409"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36359"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36348",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36348"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36386",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36386"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36417",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36417"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36425",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36425"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2018-27",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36366"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36360"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36355",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36355"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-53",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36358"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36396",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36396"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36378",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36378"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36382",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36382"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36404"
},
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-44",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36361"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36402",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36402"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36393",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36393"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36406",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36406"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36390",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36390"
}
]
}
opensuse-su-2025:15243-1
Vulnerability from csaf_opensuse
Published
2025-07-03 00:00
Modified
2025-07-03 00:00
Summary
libssh-config-0.11.2-1.1 on GA media
Notes
Title of the patch
libssh-config-0.11.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the libssh-config-0.11.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15243
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libssh-config-0.11.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libssh-config-0.11.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15243",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15243-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5351 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5449 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5987/"
}
],
"title": "libssh-config-0.11.2-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15243-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.11.2-1.1.aarch64",
"product": {
"name": "libssh-config-0.11.2-1.1.aarch64",
"product_id": "libssh-config-0.11.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.11.2-1.1.aarch64",
"product": {
"name": "libssh-devel-0.11.2-1.1.aarch64",
"product_id": "libssh-devel-0.11.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh4-0.11.2-1.1.aarch64",
"product": {
"name": "libssh4-0.11.2-1.1.aarch64",
"product_id": "libssh4-0.11.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.11.2-1.1.aarch64",
"product": {
"name": "libssh4-32bit-0.11.2-1.1.aarch64",
"product_id": "libssh4-32bit-0.11.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.11.2-1.1.ppc64le",
"product": {
"name": "libssh-config-0.11.2-1.1.ppc64le",
"product_id": "libssh-config-0.11.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.11.2-1.1.ppc64le",
"product": {
"name": "libssh-devel-0.11.2-1.1.ppc64le",
"product_id": "libssh-devel-0.11.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh4-0.11.2-1.1.ppc64le",
"product": {
"name": "libssh4-0.11.2-1.1.ppc64le",
"product_id": "libssh4-0.11.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.11.2-1.1.ppc64le",
"product": {
"name": "libssh4-32bit-0.11.2-1.1.ppc64le",
"product_id": "libssh4-32bit-0.11.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.11.2-1.1.s390x",
"product": {
"name": "libssh-config-0.11.2-1.1.s390x",
"product_id": "libssh-config-0.11.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.11.2-1.1.s390x",
"product": {
"name": "libssh-devel-0.11.2-1.1.s390x",
"product_id": "libssh-devel-0.11.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-0.11.2-1.1.s390x",
"product": {
"name": "libssh4-0.11.2-1.1.s390x",
"product_id": "libssh4-0.11.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.11.2-1.1.s390x",
"product": {
"name": "libssh4-32bit-0.11.2-1.1.s390x",
"product_id": "libssh4-32bit-0.11.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.11.2-1.1.x86_64",
"product": {
"name": "libssh-config-0.11.2-1.1.x86_64",
"product_id": "libssh-config-0.11.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.11.2-1.1.x86_64",
"product": {
"name": "libssh-devel-0.11.2-1.1.x86_64",
"product_id": "libssh-devel-0.11.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-0.11.2-1.1.x86_64",
"product": {
"name": "libssh4-0.11.2-1.1.x86_64",
"product_id": "libssh4-0.11.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.11.2-1.1.x86_64",
"product": {
"name": "libssh4-32bit-0.11.2-1.1.x86_64",
"product_id": "libssh4-32bit-0.11.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.11.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64"
},
"product_reference": "libssh-config-0.11.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.11.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le"
},
"product_reference": "libssh-config-0.11.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.11.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x"
},
"product_reference": "libssh-config-0.11.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.11.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64"
},
"product_reference": "libssh-config-0.11.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.11.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64"
},
"product_reference": "libssh-devel-0.11.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.11.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le"
},
"product_reference": "libssh-devel-0.11.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.11.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x"
},
"product_reference": "libssh-devel-0.11.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.11.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64"
},
"product_reference": "libssh-devel-0.11.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.11.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64"
},
"product_reference": "libssh4-0.11.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.11.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le"
},
"product_reference": "libssh4-0.11.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.11.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x"
},
"product_reference": "libssh4-0.11.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.11.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64"
},
"product_reference": "libssh4-0.11.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.11.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64"
},
"product_reference": "libssh4-32bit-0.11.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.11.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le"
},
"product_reference": "libssh4-32bit-0.11.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.11.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x"
},
"product_reference": "libssh4-32bit-0.11.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.11.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
},
"product_reference": "libssh4-32bit-0.11.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4877"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it\u0027s possible that the program perform out of bounds write leading to a heap corruption.\nThis issue affects only 32-bits builds of libssh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4877",
"url": "https://www.suse.com/security/cve/CVE-2025-4877"
},
{
"category": "external",
"summary": "SUSE Bug 1245309 for CVE-2025-4877",
"url": "https://bugzilla.suse.com/1245309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4877"
},
{
"cve": "CVE-2025-4878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4878"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn\u0027t exist and may lead to possible signing failures or heap corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4878",
"url": "https://www.suse.com/security/cve/CVE-2025-4878"
},
{
"category": "external",
"summary": "SUSE Bug 1245310 for CVE-2025-4878",
"url": "https://bugzilla.suse.com/1245310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4878"
},
{
"cve": "CVE-2025-5318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5318"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5318",
"url": "https://www.suse.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "SUSE Bug 1245311 for CVE-2025-5318",
"url": "https://bugzilla.suse.com/1245311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5351"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5351",
"url": "https://www.suse.com/security/cve/CVE-2025-5351"
},
{
"category": "external",
"summary": "SUSE Bug 1245312 for CVE-2025-5351",
"url": "https://bugzilla.suse.com/1245312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-5351"
},
{
"cve": "CVE-2025-5372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5372"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success-the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions\u0027 confidentiality, integrity, and availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5372",
"url": "https://www.suse.com/security/cve/CVE-2025-5372"
},
{
"category": "external",
"summary": "SUSE Bug 1245314 for CVE-2025-5372",
"url": "https://bugzilla.suse.com/1245314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-5372"
},
{
"cve": "CVE-2025-5449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5449"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5449",
"url": "https://www.suse.com/security/cve/CVE-2025-5449"
},
{
"category": "external",
"summary": "SUSE Bug 1245316 for CVE-2025-5449",
"url": "https://bugzilla.suse.com/1245316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-5449"
},
{
"cve": "CVE-2025-5987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5987"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5987",
"url": "https://www.suse.com/security/cve/CVE-2025-5987"
},
{
"category": "external",
"summary": "SUSE Bug 1245317 for CVE-2025-5987",
"url": "https://bugzilla.suse.com/1245317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-config-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh-devel-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-0.11.2-1.1.x86_64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.aarch64",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.ppc64le",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.s390x",
"openSUSE Tumbleweed:libssh4-32bit-0.11.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-5987"
}
]
}
rhsa-2025:19400
Vulnerability from csaf_redhat
Published
2025-11-03 01:22
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19400",
"url": "https://access.redhat.com/errata/RHSA-2025:19400"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19400.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:24+00:00",
"generator": {
"date": "2025-11-11T20:32:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19400",
"initial_release_date": "2025-11-03T01:22:57+00:00",
"revision_history": [
{
"date": "2025-11-03T01:22:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T01:22:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.0-4.el8_2.1.i686",
"product": {
"name": "libssh-devel-0:0.9.0-4.el8_2.1.i686",
"product_id": "libssh-devel-0:0.9.0-4.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.0-4.el8_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"product": {
"name": "libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"product_id": "libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.0-4.el8_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"product": {
"name": "libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"product_id": "libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.0-4.el8_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.0-4.el8_2.1.i686",
"product": {
"name": "libssh-0:0.9.0-4.el8_2.1.i686",
"product_id": "libssh-0:0.9.0-4.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.0-4.el8_2.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.0-4.el8_2.1.x86_64",
"product": {
"name": "libssh-devel-0:0.9.0-4.el8_2.1.x86_64",
"product_id": "libssh-devel-0:0.9.0-4.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.0-4.el8_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"product": {
"name": "libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"product_id": "libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.0-4.el8_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"product_id": "libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.0-4.el8_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.0-4.el8_2.1.x86_64",
"product": {
"name": "libssh-0:0.9.0-4.el8_2.1.x86_64",
"product_id": "libssh-0:0.9.0-4.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.0-4.el8_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.0-4.el8_2.1.src",
"product": {
"name": "libssh-0:0.9.0-4.el8_2.1.src",
"product_id": "libssh-0:0.9.0-4.el8_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.0-4.el8_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.9.0-4.el8_2.1.noarch",
"product": {
"name": "libssh-config-0:0.9.0-4.el8_2.1.noarch",
"product_id": "libssh-config-0:0.9.0-4.el8_2.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.9.0-4.el8_2.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.0-4.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686"
},
"product_reference": "libssh-0:0.9.0-4.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.0-4.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src"
},
"product_reference": "libssh-0:0.9.0-4.el8_2.1.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.0-4.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64"
},
"product_reference": "libssh-0:0.9.0-4.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.0-4.el8_2.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch"
},
"product_reference": "libssh-config-0:0.9.0-4.el8_2.1.noarch",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.0-4.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.0-4.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.0-4.el8_2.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686"
},
"product_reference": "libssh-devel-0:0.9.0-4.el8_2.1.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.0-4.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.0-4.el8_2.1.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.0-4.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686"
},
"product_reference": "libssh-0:0.9.0-4.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.0-4.el8_2.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src"
},
"product_reference": "libssh-0:0.9.0-4.el8_2.1.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.0-4.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64"
},
"product_reference": "libssh-0:0.9.0-4.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.0-4.el8_2.1.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch"
},
"product_reference": "libssh-config-0:0.9.0-4.el8_2.1.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.0-4.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.0-4.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.0-4.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686"
},
"product_reference": "libssh-devel-0:0.9.0-4.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.0-4.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.0-4.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch",
"BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T01:22:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch",
"BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19400"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch",
"BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686",
"AppStream-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libssh-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-config-0:0.9.0-4.el8_2.1.noarch",
"BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-debuginfo-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-debugsource-0:0.9.0-4.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libssh-devel-0:0.9.0-4.el8_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19295
Vulnerability from csaf_redhat
Published
2025-11-05 04:44
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.20.2 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.20.2 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.20.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.20.2. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/155628
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.20.2 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.20.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.20.2. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/155628\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19295",
"url": "https://access.redhat.com/errata/RHSA-2025:19295"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19295.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.20.2 bug fix and security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:23+00:00",
"generator": {
"date": "2025-11-11T20:32:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19295",
"initial_release_date": "2025-11-05T04:44:49+00:00",
"revision_history": [
{
"date": "2025-11-05T04:44:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-05T04:44:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.20",
"product": {
"name": "Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.20::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-4.20.9.6.202510290321-0",
"product": {
"name": "rhcos-aarch64-4.20.9.6.202510290321-0",
"product_id": "rhcos-aarch64-4.20.9.6.202510290321-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202510290321?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-4.20.9.6.202510290321-0",
"product": {
"name": "rhcos-ppc64le-4.20.9.6.202510290321-0",
"product_id": "rhcos-ppc64le-4.20.9.6.202510290321-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202510290321?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-4.20.9.6.202510290321-0",
"product": {
"name": "rhcos-s390x-4.20.9.6.202510290321-0",
"product_id": "rhcos-s390x-4.20.9.6.202510290321-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202510290321?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-4.20.9.6.202510290321-0",
"product": {
"name": "rhcos-x86_64-4.20.9.6.202510290321-0",
"product_id": "rhcos-x86_64-4.20.9.6.202510290321-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.20.9.6.202510290321?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-4.20.9.6.202510290321-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202510290321-0"
},
"product_reference": "rhcos-aarch64-4.20.9.6.202510290321-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-4.20.9.6.202510290321-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202510290321-0"
},
"product_reference": "rhcos-ppc64le-4.20.9.6.202510290321-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-4.20.9.6.202510290321-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202510290321-0"
},
"product_reference": "rhcos-s390x-4.20.9.6.202510290321-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-4.20.9.6.202510290321-0 as a component of Red Hat OpenShift Container Platform 4.20",
"product_id": "9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202510290321-0"
},
"product_reference": "rhcos-x86_64-4.20.9.6.202510290321-0",
"relates_to_product_reference": "9Base-RHOSE-4.20"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202510290321-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-05T04:44:49+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is {x864_DIGEST}\n\n (For s390x architecture)\n The image digest is {s390x_DIGEST}\n\n (For ppc64le architecture)\n The image digest is {ppc64le_DIGEST}\n\n (For aarch64 architecture)\n The image digest is {aarch64_DIGEST}\n\nAll OpenShift Container Platform 4.20 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202510290321-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19295"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202510290321-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.20:rhcos-aarch64-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-ppc64le-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-s390x-4.20.9.6.202510290321-0",
"9Base-RHOSE-4.20:rhcos-x86_64-4.20.9.6.202510290321-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:18286
Vulnerability from csaf_redhat
Published
2025-10-20 02:19
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:18286",
"url": "https://access.redhat.com/errata/RHSA-2025:18286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18286.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:21+00:00",
"generator": {
"date": "2025-11-11T20:32:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:18286",
"initial_release_date": "2025-10-20T02:19:30+00:00",
"revision_history": [
{
"date": "2025-10-20T02:19:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-20T02:19:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-15.el8_10.aarch64",
"product": {
"name": "libssh-devel-0:0.9.6-15.el8_10.aarch64",
"product_id": "libssh-devel-0:0.9.6-15.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-15.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"product": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"product_id": "libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-15.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"product": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"product_id": "libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-15.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.6-15.el8_10.aarch64",
"product": {
"name": "libssh-0:0.9.6-15.el8_10.aarch64",
"product_id": "libssh-0:0.9.6-15.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-15.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"product": {
"name": "libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"product_id": "libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-15.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"product_id": "libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-15.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"product_id": "libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-15.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.6-15.el8_10.ppc64le",
"product": {
"name": "libssh-0:0.9.6-15.el8_10.ppc64le",
"product_id": "libssh-0:0.9.6-15.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-15.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-15.el8_10.i686",
"product": {
"name": "libssh-devel-0:0.9.6-15.el8_10.i686",
"product_id": "libssh-devel-0:0.9.6-15.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-15.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-15.el8_10.i686",
"product": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.i686",
"product_id": "libssh-debugsource-0:0.9.6-15.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-15.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"product": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"product_id": "libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-15.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.6-15.el8_10.i686",
"product": {
"name": "libssh-0:0.9.6-15.el8_10.i686",
"product_id": "libssh-0:0.9.6-15.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-15.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-15.el8_10.x86_64",
"product": {
"name": "libssh-devel-0:0.9.6-15.el8_10.x86_64",
"product_id": "libssh-devel-0:0.9.6-15.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-15.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"product": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"product_id": "libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-15.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"product_id": "libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-15.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.6-15.el8_10.x86_64",
"product": {
"name": "libssh-0:0.9.6-15.el8_10.x86_64",
"product_id": "libssh-0:0.9.6-15.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-15.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-15.el8_10.s390x",
"product": {
"name": "libssh-devel-0:0.9.6-15.el8_10.s390x",
"product_id": "libssh-devel-0:0.9.6-15.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-15.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"product": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"product_id": "libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-15.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"product": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"product_id": "libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-15.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.6-15.el8_10.s390x",
"product": {
"name": "libssh-0:0.9.6-15.el8_10.s390x",
"product_id": "libssh-0:0.9.6-15.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-15.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-15.el8_10.src",
"product": {
"name": "libssh-0:0.9.6-15.el8_10.src",
"product_id": "libssh-0:0.9.6-15.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-15.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.9.6-15.el8_10.noarch",
"product": {
"name": "libssh-config-0:0.9.6-15.el8_10.noarch",
"product_id": "libssh-config-0:0.9.6-15.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.9.6-15.el8_10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-15.el8_10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch"
},
"product_reference": "libssh-config-0:0.9.6-15.el8_10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-15.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64"
},
"product_reference": "libssh-0:0.9.6-15.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-15.el8_10.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch"
},
"product_reference": "libssh-config-0:0.9.6-15.el8_10.noarch",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-15.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-15.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-15.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-15.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-20T02:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18286"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-config-0:0.9.6-15.el8_10.noarch",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debuginfo-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-debugsource-0:0.9.6-15.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libssh-devel-0:0.9.6-15.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19098
Vulnerability from csaf_redhat
Published
2025-10-27 01:38
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19098",
"url": "https://access.redhat.com/errata/RHSA-2025:19098"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19098.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:22+00:00",
"generator": {
"date": "2025-11-11T20:32:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19098",
"initial_release_date": "2025-10-27T01:38:38+00:00",
"revision_history": [
{
"date": "2025-10-27T01:38:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-27T01:38:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-4.el8_6.1.i686",
"product": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.i686",
"product_id": "libssh-devel-0:0.9.6-4.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-4.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"product": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"product_id": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-4.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"product": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"product_id": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-4.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.6-4.el8_6.1.i686",
"product": {
"name": "libssh-0:0.9.6-4.el8_6.1.i686",
"product_id": "libssh-0:0.9.6-4.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-4.el8_6.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"product": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"product_id": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-4.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"product": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"product_id": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-4.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"product_id": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-4.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.6-4.el8_6.1.x86_64",
"product": {
"name": "libssh-0:0.9.6-4.el8_6.1.x86_64",
"product_id": "libssh-0:0.9.6-4.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-4.el8_6.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-4.el8_6.1.src",
"product": {
"name": "libssh-0:0.9.6-4.el8_6.1.src",
"product_id": "libssh-0:0.9.6-4.el8_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-4.el8_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.9.6-4.el8_6.1.noarch",
"product": {
"name": "libssh-config-0:0.9.6-4.el8_6.1.noarch",
"product_id": "libssh-config-0:0.9.6-4.el8_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.9.6-4.el8_6.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-4.el8_6.1.aarch64",
"product": {
"name": "libssh-0:0.9.6-4.el8_6.1.aarch64",
"product_id": "libssh-0:0.9.6-4.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-4.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"product": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"product_id": "libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-4.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"product": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"product_id": "libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-4.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"product": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"product_id": "libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-4.el8_6.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-4.el8_6.1.ppc64le",
"product": {
"name": "libssh-0:0.9.6-4.el8_6.1.ppc64le",
"product_id": "libssh-0:0.9.6-4.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-4.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"product_id": "libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-4.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"product_id": "libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-4.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"product": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"product_id": "libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-4.el8_6.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-4.el8_6.1.s390x",
"product": {
"name": "libssh-0:0.9.6-4.el8_6.1.s390x",
"product_id": "libssh-0:0.9.6-4.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-4.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"product": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"product_id": "libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-4.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"product": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"product_id": "libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-4.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"product": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"product_id": "libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-4.el8_6.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-4.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-4.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-4.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-4.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-4.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-4.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-4.el8_6.1.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-4.el8_6.1.noarch",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-4.el8_6.1.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-4.el8_6.1.noarch",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-4.el8_6.1.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-4.el8_6.1.noarch",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-27T01:38:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19098"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"AppStream-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"AppStream-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libssh-devel-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libssh-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-config-0:0.9.6-4.el8_6.1.noarch",
"BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-debuginfo-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-debugsource-0:0.9.6-4.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libssh-devel-0:0.9.6-4.el8_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:20943
Vulnerability from csaf_redhat
Published
2025-11-11 14:12
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:20943",
"url": "https://access.redhat.com/errata/RHSA-2025:20943"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_20943.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:28+00:00",
"generator": {
"date": "2025-11-11T20:32:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:20943",
"initial_release_date": "2025-11-11T14:12:42+00:00",
"revision_history": [
{
"date": "2025-11-11T14:12:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-11T14:12:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_7.aarch64",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_7.aarch64",
"product_id": "libssh-devel-0:0.10.4-15.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_7.aarch64",
"product": {
"name": "libssh-0:0.10.4-15.el9_7.aarch64",
"product_id": "libssh-0:0.10.4-15.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"product_id": "libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_7.ppc64le",
"product": {
"name": "libssh-0:0.10.4-15.el9_7.ppc64le",
"product_id": "libssh-0:0.10.4-15.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_7.i686",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_7.i686",
"product_id": "libssh-devel-0:0.10.4-15.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_7.i686",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.i686",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_7.i686",
"product": {
"name": "libssh-0:0.10.4-15.el9_7.i686",
"product_id": "libssh-0:0.10.4-15.el9_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_7?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_7.x86_64",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_7.x86_64",
"product_id": "libssh-devel-0:0.10.4-15.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_7.x86_64",
"product": {
"name": "libssh-0:0.10.4-15.el9_7.x86_64",
"product_id": "libssh-0:0.10.4-15.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_7.s390x",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_7.s390x",
"product_id": "libssh-devel-0:0.10.4-15.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_7.s390x",
"product": {
"name": "libssh-0:0.10.4-15.el9_7.s390x",
"product_id": "libssh-0:0.10.4-15.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_7.src",
"product": {
"name": "libssh-0:0.10.4-15.el9_7.src",
"product_id": "libssh-0:0.10.4-15.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.10.4-15.el9_7.noarch",
"product": {
"name": "libssh-config-0:0.10.4-15.el9_7.noarch",
"product_id": "libssh-config-0:0.10.4-15.el9_7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.10.4-15.el9_7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.10.4-15.el9_7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch"
},
"product_reference": "libssh-config-0:0.10.4-15.el9_7.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.src",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64"
},
"product_reference": "libssh-0:0.10.4-15.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.10.4-15.el9_7.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch"
},
"product_reference": "libssh-config-0:0.10.4-15.el9_7.noarch",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_7.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_7.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T14:12:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:20943"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src",
"AppStream-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.src",
"BaseOS-9.7.0.Z.MAIN:libssh-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-config-0:0.10.4-15.el9_7.noarch",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-debuginfo-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-debugsource-0:0.10.4-15.el9_7.x86_64",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.aarch64",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.i686",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.s390x",
"BaseOS-9.7.0.Z.MAIN:libssh-devel-0:0.10.4-15.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19101
Vulnerability from csaf_redhat
Published
2025-10-27 08:30
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19101",
"url": "https://access.redhat.com/errata/RHSA-2025:19101"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19101.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:22+00:00",
"generator": {
"date": "2025-11-11T20:32:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19101",
"initial_release_date": "2025-10-27T08:30:35+00:00",
"revision_history": [
{
"date": "2025-10-27T08:30:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-27T08:30:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-13.el8_8.1.src",
"product": {
"name": "libssh-0:0.9.6-13.el8_8.1.src",
"product_id": "libssh-0:0.9.6-13.el8_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-13.el8_8.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-13.el8_8.1.ppc64le",
"product": {
"name": "libssh-0:0.9.6-13.el8_8.1.ppc64le",
"product_id": "libssh-0:0.9.6-13.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-13.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"product_id": "libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-13.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"product_id": "libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-13.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"product": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"product_id": "libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-13.el8_8.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-13.el8_8.1.i686",
"product": {
"name": "libssh-0:0.9.6-13.el8_8.1.i686",
"product_id": "libssh-0:0.9.6-13.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-13.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"product": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"product_id": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-13.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"product": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"product_id": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-13.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-13.el8_8.1.i686",
"product": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.i686",
"product_id": "libssh-devel-0:0.9.6-13.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-13.el8_8.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-13.el8_8.1.x86_64",
"product": {
"name": "libssh-0:0.9.6-13.el8_8.1.x86_64",
"product_id": "libssh-0:0.9.6-13.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-13.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"product": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"product_id": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-13.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"product_id": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-13.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"product": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"product_id": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-13.el8_8.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.9.6-13.el8_8.1.noarch",
"product": {
"name": "libssh-config-0:0.9.6-13.el8_8.1.noarch",
"product_id": "libssh-config-0:0.9.6-13.el8_8.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.9.6-13.el8_8.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-13.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-13.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-13.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-13.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-13.el8_8.1.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-13.el8_8.1.noarch",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-13.el8_8.1.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-13.el8_8.1.noarch",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-27T08:30:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19101"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"AppStream-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libssh-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libssh-devel-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libssh-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-config-0:0.9.6-13.el8_8.1.noarch",
"BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-debuginfo-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-debugsource-0:0.9.6-13.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libssh-devel-0:0.9.6-13.el8_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19470
Vulnerability from csaf_redhat
Published
2025-11-03 12:14
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19470",
"url": "https://access.redhat.com/errata/RHSA-2025:19470"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19470.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:26+00:00",
"generator": {
"date": "2025-11-11T20:32:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19470",
"initial_release_date": "2025-11-03T12:14:23+00:00",
"revision_history": [
{
"date": "2025-11-03T12:14:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T12:14:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.10.4-9.el9_2.1.ppc64le",
"product": {
"name": "libssh-0:0.10.4-9.el9_2.1.ppc64le",
"product_id": "libssh-0:0.10.4-9.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-9.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"product_id": "libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-9.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"product_id": "libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-9.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"product": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"product_id": "libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-9.el9_2.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.10.4-9.el9_2.1.i686",
"product": {
"name": "libssh-0:0.10.4-9.el9_2.1.i686",
"product_id": "libssh-0:0.10.4-9.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-9.el9_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"product": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"product_id": "libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-9.el9_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"product": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"product_id": "libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-9.el9_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-9.el9_2.1.i686",
"product": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.i686",
"product_id": "libssh-devel-0:0.10.4-9.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-9.el9_2.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.10.4-9.el9_2.1.x86_64",
"product": {
"name": "libssh-0:0.10.4-9.el9_2.1.x86_64",
"product_id": "libssh-0:0.10.4-9.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-9.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"product": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"product_id": "libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-9.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"product_id": "libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-9.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-9.el9_2.1.x86_64",
"product": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.x86_64",
"product_id": "libssh-devel-0:0.10.4-9.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-9.el9_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.10.4-9.el9_2.1.s390x",
"product": {
"name": "libssh-0:0.10.4-9.el9_2.1.s390x",
"product_id": "libssh-0:0.10.4-9.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-9.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"product": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"product_id": "libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-9.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"product": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"product_id": "libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-9.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"product": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"product_id": "libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-9.el9_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.10.4-9.el9_2.1.src",
"product": {
"name": "libssh-0:0.10.4-9.el9_2.1.src",
"product_id": "libssh-0:0.10.4-9.el9_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-9.el9_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.10.4-9.el9_2.1.aarch64",
"product": {
"name": "libssh-0:0.10.4-9.el9_2.1.aarch64",
"product_id": "libssh-0:0.10.4-9.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-9.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"product": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"product_id": "libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-9.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"product": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"product_id": "libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-9.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"product": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"product_id": "libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-9.el9_2.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.10.4-9.el9_2.1.noarch",
"product": {
"name": "libssh-config-0:0.10.4-9.el9_2.1.noarch",
"product_id": "libssh-config-0:0.10.4-9.el9_2.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.10.4-9.el9_2.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.10.4-9.el9_2.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch"
},
"product_reference": "libssh-config-0:0.10.4-9.el9_2.1.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-9.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64"
},
"product_reference": "libssh-0:0.10.4-9.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.10.4-9.el9_2.1.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch"
},
"product_reference": "libssh-config-0:0.10.4-9.el9_2.1.noarch",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-9.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64"
},
"product_reference": "libssh-devel-0:0.10.4-9.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T12:14:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19470"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libssh-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-config-0:0.10.4-9.el9_2.1.noarch",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-debuginfo-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-debugsource-0:0.10.4-9.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libssh-devel-0:0.10.4-9.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19401
Vulnerability from csaf_redhat
Published
2025-11-03 01:40
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19401",
"url": "https://access.redhat.com/errata/RHSA-2025:19401"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19401.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:26+00:00",
"generator": {
"date": "2025-11-11T20:32:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19401",
"initial_release_date": "2025-11-03T01:40:22+00:00",
"revision_history": [
{
"date": "2025-11-03T01:40:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T01:40:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.4-2.el8_4.1.i686",
"product": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.i686",
"product_id": "libssh-devel-0:0.9.4-2.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.4-2.el8_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"product": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"product_id": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.4-2.el8_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"product": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"product_id": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.4-2.el8_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.4-2.el8_4.1.i686",
"product": {
"name": "libssh-0:0.9.4-2.el8_4.1.i686",
"product_id": "libssh-0:0.9.4-2.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.4-2.el8_4.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"product": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"product_id": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.4-2.el8_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"product": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"product_id": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.4-2.el8_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"product_id": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.4-2.el8_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.9.4-2.el8_4.1.x86_64",
"product": {
"name": "libssh-0:0.9.4-2.el8_4.1.x86_64",
"product_id": "libssh-0:0.9.4-2.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.4-2.el8_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.4-2.el8_4.1.src",
"product": {
"name": "libssh-0:0.9.4-2.el8_4.1.src",
"product_id": "libssh-0:0.9.4-2.el8_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.4-2.el8_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.9.4-2.el8_4.1.noarch",
"product": {
"name": "libssh-config-0:0.9.4-2.el8_4.1.noarch",
"product_id": "libssh-config-0:0.9.4-2.el8_4.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.9.4-2.el8_4.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.4-2.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch"
},
"product_reference": "libssh-config-0:0.9.4-2.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-devel-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.4-2.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch"
},
"product_reference": "libssh-config-0:0.9.4-2.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-devel-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.4-2.el8_4.1.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch"
},
"product_reference": "libssh-config-0:0.9.4-2.el8_4.1.noarch",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-devel-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.4-2.el8_4.1.noarch as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch"
},
"product_reference": "libssh-config-0:0.9.4-2.el8_4.1.noarch",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686"
},
"product_reference": "libssh-devel-0:0.9.4-2.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T01:40:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19401"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libssh-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libssh-devel-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-config-0:0.9.4-2.el8_4.1.noarch",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debuginfo-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-debugsource-0:0.9.4-2.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libssh-devel-0:0.9.4-2.el8_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19313
Vulnerability from csaf_redhat
Published
2025-11-05 12:26
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.17.43 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.17.43 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.17.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.17.43. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/155637
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.17.43 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.17.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.17.43. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/155637\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19313",
"url": "https://access.redhat.com/errata/RHSA-2025:19313"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "OCPBUGS-62951",
"url": "https://issues.redhat.com/browse/OCPBUGS-62951"
},
{
"category": "external",
"summary": "OCPBUGS-63680",
"url": "https://issues.redhat.com/browse/OCPBUGS-63680"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19313.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.17.43 bug fix and security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:24+00:00",
"generator": {
"date": "2025-11-11T20:32:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19313",
"initial_release_date": "2025-11-05T12:26:14+00:00",
"revision_history": [
{
"date": "2025-11-05T12:26:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-05T12:26:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.17",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-417.94.202510282022-0",
"product": {
"name": "rhcos-aarch64-417.94.202510282022-0",
"product_id": "rhcos-aarch64-417.94.202510282022-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202510282022?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-417.94.202510282022-0",
"product": {
"name": "rhcos-ppc64le-417.94.202510282022-0",
"product_id": "rhcos-ppc64le-417.94.202510282022-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202510282022?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-417.94.202510282022-0",
"product": {
"name": "rhcos-s390x-417.94.202510282022-0",
"product_id": "rhcos-s390x-417.94.202510282022-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202510282022?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-417.94.202510282022-0",
"product": {
"name": "rhcos-x86_64-417.94.202510282022-0",
"product_id": "rhcos-x86_64-417.94.202510282022-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202510282022?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-417.94.202510282022-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-aarch64-417.94.202510282022-0"
},
"product_reference": "rhcos-aarch64-417.94.202510282022-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-417.94.202510282022-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202510282022-0"
},
"product_reference": "rhcos-ppc64le-417.94.202510282022-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-417.94.202510282022-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-s390x-417.94.202510282022-0"
},
"product_reference": "rhcos-s390x-417.94.202510282022-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-417.94.202510282022-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-x86_64-417.94.202510282022-0"
},
"product_reference": "rhcos-x86_64-417.94.202510282022-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202510282022-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-05T12:26:14+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is {x864_DIGEST}\n\n (For s390x architecture)\n The image digest is {s390x_DIGEST}\n\n (For ppc64le architecture)\n The image digest is {ppc64le_DIGEST}\n\n (For aarch64 architecture)\n The image digest is {aarch64_DIGEST}\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202510282022-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202510282022-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202510282022-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202510282022-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:21013
Vulnerability from csaf_redhat
Published
2025-11-11 19:29
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:21013",
"url": "https://access.redhat.com/errata/RHSA-2025:21013"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21013.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:28+00:00",
"generator": {
"date": "2025-11-11T20:32:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:21013",
"initial_release_date": "2025-11-11T19:29:32+00:00",
"revision_history": [
{
"date": "2025-11-11T19:29:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-11T19:29:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.11.1-4.el10_1.aarch64",
"product": {
"name": "libssh-devel-0:0.11.1-4.el10_1.aarch64",
"product_id": "libssh-devel-0:0.11.1-4.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.11.1-4.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"product": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"product_id": "libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.11.1-4.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"product": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"product_id": "libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.11.1-4.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_1.aarch64",
"product": {
"name": "libssh-0:0.11.1-4.el10_1.aarch64",
"product_id": "libssh-0:0.11.1-4.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"product": {
"name": "libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"product_id": "libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.11.1-4.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"product_id": "libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.11.1-4.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"product_id": "libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.11.1-4.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_1.ppc64le",
"product": {
"name": "libssh-0:0.11.1-4.el10_1.ppc64le",
"product_id": "libssh-0:0.11.1-4.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.11.1-4.el10_1.x86_64",
"product": {
"name": "libssh-devel-0:0.11.1-4.el10_1.x86_64",
"product_id": "libssh-devel-0:0.11.1-4.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.11.1-4.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"product": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"product_id": "libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.11.1-4.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"product_id": "libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.11.1-4.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_1.x86_64",
"product": {
"name": "libssh-0:0.11.1-4.el10_1.x86_64",
"product_id": "libssh-0:0.11.1-4.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.11.1-4.el10_1.s390x",
"product": {
"name": "libssh-devel-0:0.11.1-4.el10_1.s390x",
"product_id": "libssh-devel-0:0.11.1-4.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.11.1-4.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"product": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"product_id": "libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.11.1-4.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"product": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"product_id": "libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.11.1-4.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_1.s390x",
"product": {
"name": "libssh-0:0.11.1-4.el10_1.s390x",
"product_id": "libssh-0:0.11.1-4.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_1.src",
"product": {
"name": "libssh-0:0.11.1-4.el10_1.src",
"product_id": "libssh-0:0.11.1-4.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.11.1-4.el10_1.noarch",
"product": {
"name": "libssh-config-0:0.11.1-4.el10_1.noarch",
"product_id": "libssh-config-0:0.11.1-4.el10_1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.11.1-4.el10_1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.src"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.11.1-4.el10_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch"
},
"product_reference": "libssh-config-0:0.11.1-4.el10_1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.src"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.src",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64"
},
"product_reference": "libssh-0:0.11.1-4.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.11.1-4.el10_1.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch"
},
"product_reference": "libssh-config-0:0.11.1-4.el10_1.noarch",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.src",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.src",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T19:29:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.src",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.src",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21013"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.src",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.src",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.src",
"AppStream-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x",
"AppStream-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.src",
"BaseOS-10.1.Z:libssh-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-config-0:0.11.1-4.el10_1.noarch",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-debuginfo-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-debugsource-0:0.11.1-4.el10_1.x86_64",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.aarch64",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.ppc64le",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.s390x",
"BaseOS-10.1.Z:libssh-devel-0:0.11.1-4.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19300
Vulnerability from csaf_redhat
Published
2025-11-05 18:15
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.19.18 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.19.18 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.19.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.19.18. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/155630
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.19 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.19.18 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.19.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.19.18. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/155630\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19300",
"url": "https://access.redhat.com/errata/RHSA-2025:19300"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "OCPBUGS-62159",
"url": "https://issues.redhat.com/browse/OCPBUGS-62159"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19300.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.19.18 bug fix and security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:24+00:00",
"generator": {
"date": "2025-11-11T20:32:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19300",
"initial_release_date": "2025-11-05T18:15:06+00:00",
"revision_history": [
{
"date": "2025-11-05T18:15:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-05T18:15:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.19",
"product": {
"name": "Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.19::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-4.19.9.6.202510281054-0",
"product": {
"name": "rhcos-aarch64-4.19.9.6.202510281054-0",
"product_id": "rhcos-aarch64-4.19.9.6.202510281054-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.19.9.6.202510281054?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-4.19.9.6.202510281054-0",
"product": {
"name": "rhcos-ppc64le-4.19.9.6.202510281054-0",
"product_id": "rhcos-ppc64le-4.19.9.6.202510281054-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.19.9.6.202510281054?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-4.19.9.6.202510281054-0",
"product": {
"name": "rhcos-s390x-4.19.9.6.202510281054-0",
"product_id": "rhcos-s390x-4.19.9.6.202510281054-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.19.9.6.202510281054?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-4.19.9.6.202510281054-0",
"product": {
"name": "rhcos-x86_64-4.19.9.6.202510281054-0",
"product_id": "rhcos-x86_64-4.19.9.6.202510281054-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.19.9.6.202510281054?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-4.19.9.6.202510281054-0 as a component of Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202510281054-0"
},
"product_reference": "rhcos-aarch64-4.19.9.6.202510281054-0",
"relates_to_product_reference": "9Base-RHOSE-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-4.19.9.6.202510281054-0 as a component of Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202510281054-0"
},
"product_reference": "rhcos-ppc64le-4.19.9.6.202510281054-0",
"relates_to_product_reference": "9Base-RHOSE-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-4.19.9.6.202510281054-0 as a component of Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202510281054-0"
},
"product_reference": "rhcos-s390x-4.19.9.6.202510281054-0",
"relates_to_product_reference": "9Base-RHOSE-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-4.19.9.6.202510281054-0 as a component of Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202510281054-0"
},
"product_reference": "rhcos-x86_64-4.19.9.6.202510281054-0",
"relates_to_product_reference": "9Base-RHOSE-4.19"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202510281054-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-05T18:15:06+00:00",
"details": "For OpenShift Container Platform 4.19 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is {x864_DIGEST}\n\n (For s390x architecture)\n The image digest is {s390x_DIGEST}\n\n (For ppc64le architecture)\n The image digest is {ppc64le_DIGEST}\n\n (For aarch64 architecture)\n The image digest is {aarch64_DIGEST}\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202510281054-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19300"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202510281054-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202510281054-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202510281054-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19807
Vulnerability from csaf_redhat
Published
2025-11-05 14:26
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.7.1 release
Notes
Topic
Red Hat OpenShift distributed tracing platform (Tempo) 3.7.1 has been released
Details
This release of the Red Hat OpenShift distributed tracing platform (Tempo) provides security improvements.
Breaking changes:
* Nothing
Deprecations:
* Nothing
Technology Preview features:
* Nothing
Enhancements:
* Nothing
Bug fixes:
* https://access.redhat.com/security/cve/CVE-2025-5318
Known issues:
* In the Jaeger UI, clicking on Trace and refreshing the page, or accessing Trace > Trace Timeline > Trace JSON from the Tempo query frontend,
might result in the Tempo query pod failing with an EOF error. To work around this problem, use the distributed tracing UI plugin to view traces.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift distributed tracing platform (Tempo) 3.7.1 has been released",
"title": "Topic"
},
{
"category": "general",
"text": "This release of the Red Hat OpenShift distributed tracing platform (Tempo) provides security improvements.\n\n\nBreaking changes:\n\n* Nothing\n\n\nDeprecations:\n\n* Nothing\n\n\nTechnology Preview features:\n\n* Nothing\n\n\nEnhancements:\n\n* Nothing\n\n\nBug fixes:\n\n* https://access.redhat.com/security/cve/CVE-2025-5318\n\n\nKnown issues:\n\n* In the Jaeger UI, clicking on Trace and refreshing the page, or accessing Trace \u003e Trace Timeline \u003e Trace JSON from the Tempo query frontend,\n might result in the Tempo query pod failing with an EOF error. To work around this problem, use the distributed tracing UI plugin to view traces.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19807",
"url": "https://access.redhat.com/errata/RHSA-2025:19807"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5318",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/distributed_tracing/distributed-tracing-platform-tempo"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19807.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.7.1 release",
"tracking": {
"current_release_date": "2025-11-11T20:32:28+00:00",
"generator": {
"date": "2025-11-11T20:32:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19807",
"initial_release_date": "2025-11-05T14:26:13+00:00",
"revision_history": [
{
"date": "2025-11-05T14:26:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-05T14:26:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.7.0",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256%3Aa3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762257871"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256%3A89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254552"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel8@sha256%3A09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762255881"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256%3A94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256%3A85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254545"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256%3Ad25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254530"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256%3A2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254519"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256%3A8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254552"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel8@sha256%3Adcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762255881"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256%3Ab5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256%3A83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254545"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256%3A8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254530"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256%3A6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254519"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256%3A4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254552"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel8@sha256%3Ae5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762255881"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256%3A3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256%3A79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254545"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256%3Acff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254530"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256%3A0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254519"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256%3Af242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254552"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-jaeger-query-rhel8@sha256%3Af0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762255881"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256%3Ae81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256%3A054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254545"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256%3A4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254530"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x",
"product_id": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256%3Aacb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=rhosdt-3.7-1762254519"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64 as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x as a component of Red Hat OpenShift distributed tracing 3.7.0",
"product_id": "Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.7.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-05T14:26:13+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:3f12344a5c4c07de6355c07a70115b852a80559daf0c95aec586af96821b6b22_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:94a3b08c6cb8f53e252feebd80cfc17d6ccf7bda0bea3345159df0ac4d2a861c_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:b5ee1febe929df3dd67df124aeb65d1920af553e667c2929a6865784ce546dc3_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:e81c587e8b6b3456388868759109e1e8cf5ed273c466874531c9cc7593bd2ef5_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:4aa93ec7982b8407243a36a97d56aedc8b41ceeea5b9d9129b84a9df922ad5ec_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:89fa077e76e811311d2acf48abb61bcd922d44e089025e61d505ea4c774ac2b6_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:8ee1496c50ffa203204170d053e327fe9fcddf215c799cb96d2c0e74da1dc945_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:f242d27114fa7546df4d7261cccbd8586e9e6ba2487f02e260d8880807b94f43_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:09397a9449f9d26f928e2f92a81f5fc3ccd7d5c1fe89766e4fadce04906c5d69_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:dcbae88d4be5b004ff7473bcfbbd57946c773f7e77fc99da0b5b023310f55ddd_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:e5911ebdd4c6d93a4537497e51c56b337d1e3eca1d5d8a2298888f6fd026774b_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8@sha256:f0290670fda619de4bfa43aa13a720d227761308637320743a27e142dceedfce_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-operator-bundle@sha256:a3b655318bd147566d238e773a64879c5dc9352f8cd7748fa7bfbc7efe1b3952_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:4ac00ba41969f0166c5513a50aac500cb65a4f9fc433073f89e5b03734552adb_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:8ad291327a8410feb2d34afeb0d0c7f847a1cffc838883b65d71427b3f97670a_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:cff164d0bb868d1737eb13081ed3cb823eee82702be265e61390c2fd0f586b75_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:d25818f8e291203973fee6941883297d32f24290701b5a0d218cfec56e824eea_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:054f4ed9b24b1bc6fc885408d261d74fd2fc9f97ed8fc62f4a167e08d2a18eb3_s390x",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:79b8676a25be5b6f2d589c7a86b9b6142d13646d11911b733a8f499dde5448cc_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:83583f8010629b65533926a11163565efd4d8b32433fe279218b60cdb13da13f_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8-operator@sha256:85d2ca87a046daff70673dad0dbb7409d126c59cd76bbe18a129e40695c2c8d8_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:0fbed65da8c168be024b4ec28e9c5a860ce81c5bee69ebea24002407dc002be8_ppc64le",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:2c938cee177e95f78683ca721744a3dd3b12b1315a1f54893b450457bdd65a5f_amd64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:6870a410833d5949e5ad0ff6a84a71033e7763a51bcf0a45c02742624edeaa62_arm64",
"Red Hat OpenShift distributed tracing 3.7.0:registry.redhat.io/rhosdt/tempo-rhel8@sha256:acb7b35830ab844e5066f39f29d96c65f3cb326eb6e5c2a950ca75fb19cc04ae_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:18231
Vulnerability from csaf_redhat
Published
2025-10-16 10:25
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:18231",
"url": "https://access.redhat.com/errata/RHSA-2025:18231"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18231.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:18+00:00",
"generator": {
"date": "2025-11-11T20:32:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:18231",
"initial_release_date": "2025-10-16T10:25:20+00:00",
"revision_history": [
{
"date": "2025-10-16T10:25:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-16T10:25:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_0.src",
"product": {
"name": "libssh-0:0.11.1-4.el10_0.src",
"product_id": "libssh-0:0.11.1-4.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_0.aarch64",
"product": {
"name": "libssh-0:0.11.1-4.el10_0.aarch64",
"product_id": "libssh-0:0.11.1-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"product": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"product_id": "libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.11.1-4.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"product": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"product_id": "libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.11.1-4.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.11.1-4.el10_0.aarch64",
"product": {
"name": "libssh-devel-0:0.11.1-4.el10_0.aarch64",
"product_id": "libssh-devel-0:0.11.1-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.11.1-4.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_0.ppc64le",
"product": {
"name": "libssh-0:0.11.1-4.el10_0.ppc64le",
"product_id": "libssh-0:0.11.1-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"product_id": "libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.11.1-4.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"product_id": "libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.11.1-4.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"product": {
"name": "libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"product_id": "libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.11.1-4.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_0.x86_64",
"product": {
"name": "libssh-0:0.11.1-4.el10_0.x86_64",
"product_id": "libssh-0:0.11.1-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"product": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"product_id": "libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.11.1-4.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"product_id": "libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.11.1-4.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.11.1-4.el10_0.x86_64",
"product": {
"name": "libssh-devel-0:0.11.1-4.el10_0.x86_64",
"product_id": "libssh-devel-0:0.11.1-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.11.1-4.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.11.1-4.el10_0.s390x",
"product": {
"name": "libssh-0:0.11.1-4.el10_0.s390x",
"product_id": "libssh-0:0.11.1-4.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.11.1-4.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"product": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"product_id": "libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.11.1-4.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"product": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"product_id": "libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.11.1-4.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.11.1-4.el10_0.s390x",
"product": {
"name": "libssh-devel-0:0.11.1-4.el10_0.s390x",
"product_id": "libssh-devel-0:0.11.1-4.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.11.1-4.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.11.1-4.el10_0.noarch",
"product": {
"name": "libssh-config-0:0.11.1-4.el10_0.noarch",
"product_id": "libssh-config-0:0.11.1-4.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.11.1-4.el10_0?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.src"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.11.1-4.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch"
},
"product_reference": "libssh-config-0:0.11.1-4.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.src"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.src",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.11.1-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64"
},
"product_reference": "libssh-0:0.11.1-4.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.11.1-4.el10_0.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch"
},
"product_reference": "libssh-config-0:0.11.1-4.el10_0.noarch",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.11.1-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.11.1-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64"
},
"product_reference": "libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_0.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.11.1-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64"
},
"product_reference": "libssh-devel-0:0.11.1-4.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.src",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.src",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T10:25:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.src",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.src",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18231"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.src",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.src",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.src",
"AppStream-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x",
"AppStream-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.src",
"BaseOS-10.0.Z:libssh-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-config-0:0.11.1-4.el10_0.noarch",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-debuginfo-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-debugsource-0:0.11.1-4.el10_0.x86_64",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.aarch64",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.ppc64le",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.s390x",
"BaseOS-10.0.Z:libssh-devel-0:0.11.1-4.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19012
Vulnerability from csaf_redhat
Published
2025-10-23 20:00
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19012",
"url": "https://access.redhat.com/errata/RHSA-2025:19012"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19012.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:20+00:00",
"generator": {
"date": "2025-11-11T20:32:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19012",
"initial_release_date": "2025-10-23T20:00:32+00:00",
"revision_history": [
{
"date": "2025-10-23T20:00:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-23T20:00:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"product": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"product_id": "libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-13.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"product": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"product_id": "libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-13.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"product": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"product_id": "libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-13.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-13.el9_4.1.aarch64",
"product": {
"name": "libssh-0:0.10.4-13.el9_4.1.aarch64",
"product_id": "libssh-0:0.10.4-13.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-13.el9_4.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"product": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"product_id": "libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-13.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"product_id": "libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-13.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"product_id": "libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-13.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-13.el9_4.1.ppc64le",
"product": {
"name": "libssh-0:0.10.4-13.el9_4.1.ppc64le",
"product_id": "libssh-0:0.10.4-13.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-13.el9_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-13.el9_4.1.i686",
"product": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.i686",
"product_id": "libssh-devel-0:0.10.4-13.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-13.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"product": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"product_id": "libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-13.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"product": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"product_id": "libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-13.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-13.el9_4.1.i686",
"product": {
"name": "libssh-0:0.10.4-13.el9_4.1.i686",
"product_id": "libssh-0:0.10.4-13.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-13.el9_4.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-13.el9_4.1.x86_64",
"product": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.x86_64",
"product_id": "libssh-devel-0:0.10.4-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-13.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"product": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"product_id": "libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-13.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"product_id": "libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-13.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-13.el9_4.1.x86_64",
"product": {
"name": "libssh-0:0.10.4-13.el9_4.1.x86_64",
"product_id": "libssh-0:0.10.4-13.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-13.el9_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"product": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"product_id": "libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-13.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"product": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"product_id": "libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-13.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"product": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"product_id": "libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-13.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-13.el9_4.1.s390x",
"product": {
"name": "libssh-0:0.10.4-13.el9_4.1.s390x",
"product_id": "libssh-0:0.10.4-13.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-13.el9_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.10.4-13.el9_4.1.src",
"product": {
"name": "libssh-0:0.10.4-13.el9_4.1.src",
"product_id": "libssh-0:0.10.4-13.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-13.el9_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.10.4-13.el9_4.1.noarch",
"product": {
"name": "libssh-config-0:0.10.4-13.el9_4.1.noarch",
"product_id": "libssh-config-0:0.10.4-13.el9_4.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.10.4-13.el9_4.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.10.4-13.el9_4.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch"
},
"product_reference": "libssh-config-0:0.10.4-13.el9_4.1.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64"
},
"product_reference": "libssh-0:0.10.4-13.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.10.4-13.el9_4.1.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch"
},
"product_reference": "libssh-config-0:0.10.4-13.el9_4.1.noarch",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-13.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64"
},
"product_reference": "libssh-devel-0:0.10.4-13.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-23T20:00:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19012"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libssh-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-config-0:0.10.4-13.el9_4.1.noarch",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-debuginfo-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-debugsource-0:0.10.4-13.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libssh-devel-0:0.10.4-13.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:18275
Vulnerability from csaf_redhat
Published
2025-10-16 22:09
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:18275",
"url": "https://access.redhat.com/errata/RHSA-2025:18275"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18275.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:18+00:00",
"generator": {
"date": "2025-11-11T20:32:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:18275",
"initial_release_date": "2025-10-16T22:09:51+00:00",
"revision_history": [
{
"date": "2025-10-16T22:09:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-16T22:09:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_6.aarch64",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_6.aarch64",
"product_id": "libssh-devel-0:0.10.4-15.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_6.aarch64",
"product": {
"name": "libssh-0:0.10.4-15.el9_6.aarch64",
"product_id": "libssh-0:0.10.4-15.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"product_id": "libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_6.ppc64le",
"product": {
"name": "libssh-0:0.10.4-15.el9_6.ppc64le",
"product_id": "libssh-0:0.10.4-15.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_6.i686",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_6.i686",
"product_id": "libssh-devel-0:0.10.4-15.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_6.i686",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.i686",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_6.i686",
"product": {
"name": "libssh-0:0.10.4-15.el9_6.i686",
"product_id": "libssh-0:0.10.4-15.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_6.x86_64",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_6.x86_64",
"product_id": "libssh-devel-0:0.10.4-15.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_6.x86_64",
"product": {
"name": "libssh-0:0.10.4-15.el9_6.x86_64",
"product_id": "libssh-0:0.10.4-15.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0:0.10.4-15.el9_6.s390x",
"product": {
"name": "libssh-devel-0:0.10.4-15.el9_6.s390x",
"product_id": "libssh-devel-0:0.10.4-15.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.10.4-15.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"product": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"product_id": "libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.10.4-15.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"product": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"product_id": "libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.10.4-15.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_6.s390x",
"product": {
"name": "libssh-0:0.10.4-15.el9_6.s390x",
"product_id": "libssh-0:0.10.4-15.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.10.4-15.el9_6.src",
"product": {
"name": "libssh-0:0.10.4-15.el9_6.src",
"product_id": "libssh-0:0.10.4-15.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.10.4-15.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.10.4-15.el9_6.noarch",
"product": {
"name": "libssh-config-0:0.10.4-15.el9_6.noarch",
"product_id": "libssh-config-0:0.10.4-15.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.10.4-15.el9_6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.10.4-15.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch"
},
"product_reference": "libssh-config-0:0.10.4-15.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.10.4-15.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64"
},
"product_reference": "libssh-0:0.10.4-15.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.10.4-15.el9_6.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch"
},
"product_reference": "libssh-config-0:0.10.4-15.el9_6.noarch",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.10.4-15.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.10.4-15.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64"
},
"product_reference": "libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.10.4-15.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64"
},
"product_reference": "libssh-devel-0:0.10.4-15.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-16T22:09:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18275"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-config-0:0.10.4-15.el9_6.noarch",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debuginfo-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-debugsource-0:0.10.4-15.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:libssh-devel-0:0.10.4-15.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
rhsa-2025:19472
Vulnerability from csaf_redhat
Published
2025-11-03 12:20
Modified
2025-11-11 20:32
Summary
Red Hat Security Advisory: libssh security update
Notes
Topic
An update for libssh is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libssh is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19472",
"url": "https://access.redhat.com/errata/RHSA-2025:19472"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19472.json"
}
],
"title": "Red Hat Security Advisory: libssh security update",
"tracking": {
"current_release_date": "2025-11-11T20:32:26+00:00",
"generator": {
"date": "2025-11-11T20:32:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:19472",
"initial_release_date": "2025-11-03T12:20:18+00:00",
"revision_history": [
{
"date": "2025-11-03T12:20:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T12:20:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-11T20:32:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-3.el9_0.1.src",
"product": {
"name": "libssh-0:0.9.6-3.el9_0.1.src",
"product_id": "libssh-0:0.9.6-3.el9_0.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-3.el9_0.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-3.el9_0.1.aarch64",
"product": {
"name": "libssh-0:0.9.6-3.el9_0.1.aarch64",
"product_id": "libssh-0:0.9.6-3.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-3.el9_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"product": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"product_id": "libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-3.el9_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"product": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"product_id": "libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-3.el9_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"product": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"product_id": "libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-3.el9_0.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-3.el9_0.1.ppc64le",
"product": {
"name": "libssh-0:0.9.6-3.el9_0.1.ppc64le",
"product_id": "libssh-0:0.9.6-3.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-3.el9_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"product": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"product_id": "libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-3.el9_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"product": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"product_id": "libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-3.el9_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"product": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"product_id": "libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-3.el9_0.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-3.el9_0.1.i686",
"product": {
"name": "libssh-0:0.9.6-3.el9_0.1.i686",
"product_id": "libssh-0:0.9.6-3.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-3.el9_0.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"product": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"product_id": "libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-3.el9_0.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"product": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"product_id": "libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-3.el9_0.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-3.el9_0.1.i686",
"product": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.i686",
"product_id": "libssh-devel-0:0.9.6-3.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-3.el9_0.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-3.el9_0.1.x86_64",
"product": {
"name": "libssh-0:0.9.6-3.el9_0.1.x86_64",
"product_id": "libssh-0:0.9.6-3.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-3.el9_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"product": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"product_id": "libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-3.el9_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"product": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"product_id": "libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-3.el9_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-3.el9_0.1.x86_64",
"product": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.x86_64",
"product_id": "libssh-devel-0:0.9.6-3.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-3.el9_0.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-0:0.9.6-3.el9_0.1.s390x",
"product": {
"name": "libssh-0:0.9.6-3.el9_0.1.s390x",
"product_id": "libssh-0:0.9.6-3.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh@0.9.6-3.el9_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"product": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"product_id": "libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debugsource@0.9.6-3.el9_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"product": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"product_id": "libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-debuginfo@0.9.6-3.el9_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"product": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"product_id": "libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-devel@0.9.6-3.el9_0.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0:0.9.6-3.el9_0.1.noarch",
"product": {
"name": "libssh-config-0:0.9.6-3.el9_0.1.noarch",
"product_id": "libssh-config-0:0.9.6-3.el9_0.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh-config@0.9.6-3.el9_0.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-3.el9_0.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-3.el9_0.1.noarch",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-0:0.9.6-3.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64"
},
"product_reference": "libssh-0:0.9.6-3.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0:0.9.6-3.el9_0.1.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch"
},
"product_reference": "libssh-config-0:0.9.6-3.el9_0.1.noarch",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64"
},
"product_reference": "libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64"
},
"product_reference": "libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0:0.9.6-3.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64"
},
"product_reference": "libssh-devel-0:0.9.6-3.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-125: Out-of-bounds Read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe use of baseline configurations, change control, and configuration settings within the platform enforces secure system configurations, patch management, and proper runtime settings, which helps prevent the introduction of memory handling issues through insecure defaults, unpatched components, and misconfigurations. Specifically, the use of process isolation and memory protection ensures memory integrity by isolating processes and enforcing memory protection mechanisms that limit an attacker\u0027s ability to exploit or read memory. System monitoring controls provide an additional layer of protection in the detection of anomalous behavior and unauthorized memory-related access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T12:20:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19472"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libssh-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-config-0:0.9.6-3.el9_0.1.noarch",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-debuginfo-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-debugsource-0:0.9.6-3.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libssh-devel-0:0.9.6-3.el9_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
}
]
}
wid-sec-w-2025-1423
Vulnerability from csaf_certbund
Published
2025-06-29 22:00
Modified
2025-08-31 22:00
Summary
libssh: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libssh ist eine C Bibliothek für das Anbieten von SSH Diensten auf Client- und Serverseite. Sie kann genutzt werden, um aus der Ferne Programme auszuführen, Dateien zu übertragen oder als sicherer und transparenter Tunnel für entfernte Programme genutzt werden.
Angriff
Ein Angreifer kann mehrere Schwachstellen in libssh ausnutzen, um einen Denial of Service Angriff durchzuführen, um Sicherheitsvorkehrungen zu umgehen, und potentiell weitere nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "libssh ist eine C Bibliothek f\u00fcr das Anbieten von SSH Diensten auf Client- und Serverseite. Sie kann genutzt werden, um aus der Ferne Programme auszuf\u00fchren, Dateien zu \u00fcbertragen oder als sicherer und transparenter Tunnel f\u00fcr entfernte Programme genutzt werden.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in libssh ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, und potentiell weitere nicht spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1423 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1423.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1423 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1423"
},
{
"category": "external",
"summary": "libssh. org vom 2025-06-29",
"url": "https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/"
},
{
"category": "external",
"summary": "libssh security and bugfix release vom 2025-06-29",
"url": "https://seclists.org/oss-sec/2025/q2/284"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02229-1 vom 2025-07-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021759.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7619-1 vom 2025-07-07",
"url": "https://ubuntu.com/security/notices/USN-7619-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02281-1 vom 2025-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021789.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02279-1 vom 2025-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021791.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02278-1 vom 2025-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021792.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-18E8506D3A vom 2025-07-22",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-18e8506d3a"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02755-1 vom 2025-08-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022132.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7696-1 vom 2025-08-19",
"url": "https://ubuntu.com/security/notices/USN-7696-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20557-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022231.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20596-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022366.html"
}
],
"source_lang": "en-US",
"title": "libssh: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-31T22:00:00.000+00:00",
"generator": {
"date": "2025-09-01T07:27:06.082+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1423",
"initial_release_date": "2025-06-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-10T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-07-22T22:00:00.000+00:00",
"number": "6",
"summary": "Referenz(en) aufgenommen: EUVD-2025-22335"
},
{
"date": "2025-08-11T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c0.11.2",
"product": {
"name": "Open Source libssh \u003c0.11.2",
"product_id": "T044955"
}
},
{
"category": "product_version",
"name": "0.11.2",
"product": {
"name": "Open Source libssh 0.11.2",
"product_id": "T044955-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:libssh:libssh:0.11.2"
}
}
}
],
"category": "product_name",
"name": "libssh"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4877",
"product_status": {
"known_affected": [
"T002207",
"T044955",
"T000126",
"74185"
]
},
"release_date": "2025-06-29T22:00:00.000+00:00",
"title": "CVE-2025-4877"
},
{
"cve": "CVE-2025-5351",
"product_status": {
"known_affected": [
"T002207",
"T044955",
"T000126",
"74185"
]
},
"release_date": "2025-06-29T22:00:00.000+00:00",
"title": "CVE-2025-5351"
},
{
"cve": "CVE-2025-5449",
"product_status": {
"known_affected": [
"T002207",
"T044955",
"T000126",
"74185"
]
},
"release_date": "2025-06-29T22:00:00.000+00:00",
"title": "CVE-2025-5449"
},
{
"cve": "CVE-2025-4878",
"product_status": {
"known_affected": [
"T002207",
"T044955",
"T000126",
"74185"
]
},
"release_date": "2025-06-29T22:00:00.000+00:00",
"title": "CVE-2025-4878"
},
{
"cve": "CVE-2025-5318",
"product_status": {
"known_affected": [
"T002207",
"T044955",
"T000126",
"74185"
]
},
"release_date": "2025-06-29T22:00:00.000+00:00",
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5372",
"product_status": {
"known_affected": [
"T002207",
"T044955",
"T000126",
"74185"
]
},
"release_date": "2025-06-29T22:00:00.000+00:00",
"title": "CVE-2025-5372"
},
{
"cve": "CVE-2025-5987",
"product_status": {
"known_affected": [
"T002207",
"T044955",
"T000126",
"74185"
]
},
"release_date": "2025-06-29T22:00:00.000+00:00",
"title": "CVE-2025-5987"
}
]
}
wid-sec-w-2025-1385
Vulnerability from csaf_certbund
Published
2025-06-24 22:00
Modified
2025-08-31 22:00
Summary
libssh: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libssh ist eine C Bibliothek für das Anbieten von SSH Diensten auf Client- und Serverseite. Sie kann genutzt werden, um aus der Ferne Programme auszuführen, Dateien zu übertragen oder als sicherer und transparenter Tunnel für entfernte Programme genutzt werden.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in libssh ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "libssh ist eine C Bibliothek f\u00fcr das Anbieten von SSH Diensten auf Client- und Serverseite. Sie kann genutzt werden, um aus der Ferne Programme auszuf\u00fchren, Dateien zu \u00fcbertragen oder als sicherer und transparenter Tunnel f\u00fcr entfernte Programme genutzt werden.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in libssh ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1385 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1385.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1385 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1385"
},
{
"category": "external",
"summary": "libssh Security Advisory vom 2025-06-24",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-06-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02229-1 vom 2025-07-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021759.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7619-1 vom 2025-07-07",
"url": "https://ubuntu.com/security/notices/USN-7619-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02278-1 vom 2025-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021792.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02279-1 vom 2025-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021791.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02281-1 vom 2025-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021789.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-18E8506D3A vom 2025-07-22",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-18e8506d3a"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02755-1 vom 2025-08-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022132.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20557-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022231.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7696-1 vom 2025-08-19",
"url": "https://ubuntu.com/security/notices/USN-7696-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20596-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022366.html"
}
],
"source_lang": "en-US",
"title": "libssh: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2025-08-31T22:00:00.000+00:00",
"generator": {
"date": "2025-09-01T07:27:04.646+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1385",
"initial_release_date": "2025-06-24T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-10T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-08-11T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c0.11.2",
"product": {
"name": "Open Source libssh \u003c0.11.2",
"product_id": "T044818"
}
},
{
"category": "product_version",
"name": "0.11.2",
"product": {
"name": "Open Source libssh 0.11.2",
"product_id": "T044818-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:libssh:libssh:0.11.2"
}
}
}
],
"category": "product_name",
"name": "libssh"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5318",
"product_status": {
"known_affected": [
"T002207",
"T000126",
"T044818",
"74185"
]
},
"release_date": "2025-06-24T22:00:00.000+00:00",
"title": "CVE-2025-5318"
}
]
}
ncsc-2025-0339
Vulnerability from csaf_ncscnl
Published
2025-10-23 14:11
Modified
2025-10-23 14:11
Summary
Kwetsbaarheden verholpen in Oracle MySQL
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle MySQL (Specifiek voor versies 8.0.0-8.0.43, 8.4.0-8.4.6, en 9.0.0-9.4.0).
Interpretaties
De kwetsbaarheden in Oracle MySQL stellen hooggeprivilegieerde aanvallers in staat om Denial-of-Service aanvallen uit te voeren en data te manipuleren zonder autorisatie. Dit kan leiden tot ernstige verstoringen in de service en compromittering van de integriteit van de data die door de getroffen systemen worden beheerd.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-125
Out-of-bounds Read
CWE-197
Numeric Truncation Error
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-407
Inefficient Algorithmic Complexity
CWE-670
Always-Incorrect Control Flow Implementation
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle MySQL (Specifiek voor versies 8.0.0-8.0.43, 8.4.0-8.4.6, en 9.0.0-9.4.0).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle MySQL stellen hooggeprivilegieerde aanvallers in staat om Denial-of-Service aanvallen uit te voeren en data te manipuleren zonder autorisatie. Dit kan leiden tot ernstige verstoringen in de service en compromittering van de integriteit van de data die door de getroffen systemen worden beheerd.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle MySQL",
"tracking": {
"current_release_date": "2025-10-23T14:11:30.111892Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0339",
"initial_release_date": "2025-10-23T14:11:30.111892Z",
"revision_history": [
{
"date": "2025-10-23T14:11:30.111892Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "MySQL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "MySQL Cluster"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "MySQL Enterprise Backup"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "MySQL Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "MySQL Workbench"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-35195",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"notes": [
{
"category": "other",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various Oracle products, IBM InfoSphere, and Requests library versions allow high-privileged and remote attackers to compromise systems, execute arbitrary code, and bypass security measures, with CVSS scores ranging from 5.6 to 5.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35195 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35195.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5399",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5399 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-5399"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-53040",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.43, 8.4.0-8.4.6, and 9.0.0-9.4.0 allows high-privileged attackers to cause denial of service via network access, with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53040 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53040.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-53040"
},
{
"cve": "CVE-2025-53042",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.43, 8.4.0-8.4.6, and 9.0.0-9.4.0 allows high-privileged attackers to cause denial of service via network access, with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53042 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53042.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-53042"
},
{
"cve": "CVE-2025-53044",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s InnoDB component affects specific versions, allowing high-privileged attackers to crash the MySQL Server, with a CVSS score of 4.9 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53044 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53044.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-53044"
},
{
"cve": "CVE-2025-53045",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s InnoDB component affects specific versions, allowing high-privileged attackers to crash the MySQL Server, with a CVSS score of 4.9 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53045 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53045.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-53045"
},
{
"cve": "CVE-2025-53053",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.43, 8.4.0-8.4.6, and 9.0.0-9.4.0 allows high-privileged attackers to execute denial of service and unauthorized data manipulation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53053 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-53053"
},
{
"cve": "CVE-2025-53054",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s InnoDB component affects specific versions, enabling high-privileged attackers to execute denial of service and unauthorized data manipulation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53054 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53054.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-53054"
},
{
"cve": "CVE-2025-53062",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s InnoDB component affects specific versions, allowing high-privileged attackers to crash the MySQL Server, with a CVSS score of 4.9 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53062 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-53062"
},
{
"cve": "CVE-2025-53067",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.4.0) allows high-privileged attackers to cause denial of service via network access, with a CVSS 3.1 Base Score of 4.9 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53067 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53067.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-53067"
},
{
"cve": "CVE-2025-53069",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.43, 8.4.0-8.4.6, and 9.0.0-9.4.0 allows high-privileged attackers to cause denial of service via network access, with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53069 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53069.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-53069"
}
]
}
ncsc-2025-0330
Vulnerability from csaf_ncscnl
Published
2025-10-23 13:20
Modified
2025-10-23 13:20
Summary
Kwetsbaarheden verholpen in Oracle Communications producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.
Interpretaties
De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden variëren van 3.1 tot 9.8, wat wijst op een breed scala aan risico's, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23
Relative Path Traversal
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121
Stack-based Buffer Overflow
CWE-122
Heap-based Buffer Overflow
CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE-125
Out-of-bounds Read
CWE-129
Improper Validation of Array Index
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-147
Improper Neutralization of Input Terminators
CWE-190
Integer Overflow or Wraparound
CWE-197
Numeric Truncation Error
CWE-241
Improper Handling of Unexpected Data Type
CWE-252
Unchecked Return Value
CWE-253
Incorrect Check of Function Return Value
CWE-284
Improper Access Control
CWE-287
Improper Authentication
CWE-290
Authentication Bypass by Spoofing
CWE-328
Use of Weak Hash
CWE-385
Covert Timing Channel
CWE-390
Detection of Error Condition Without Action
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-407
Inefficient Algorithmic Complexity
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CWE-415
Double Free
CWE-416
Use After Free
CWE-426
Untrusted Search Path
CWE-440
Expected Behavior Violation
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476
NULL Pointer Dereference
CWE-674
Uncontrolled Recursion
CWE-697
Incorrect Comparison
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-789
Memory Allocation with Excessive Size Value
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-918
Server-Side Request Forgery (SSRF)
CWE-937
CWE-937
CWE-1035
CWE-1035
CWE-1284
Improper Validation of Specified Quantity in Input
CWE-1333
Inefficient Regular Expression Complexity
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden vari\u00ebren van 3.1 tot 9.8, wat wijst op een breed scala aan risico\u0027s, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Incorrect Comparison",
"title": "CWE-697"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2025-10-23T13:20:15.363063Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0330",
"initial_release_date": "2025-10-23T13:20:15.363063Z",
"revision_history": [
{
"date": "2025-10-23T13:20:15.363063Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications Cloud Native Core Console"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Management Cloud Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications Calendar Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Automated Test Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Binding Support Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Certificate Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core DBTier"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Repository Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Network Slice Selection Function"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Policy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Service Communication Proxy"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Cloud Native Core Unified Data Repository"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Converged Charging System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Communications Convergent Charging Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Oracle Communications Diameter Signaling Router"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE Element Management System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Oracle Communications EAGLE LNP Application Processor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Oracle Communications LSMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Oracle Communications Messaging Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Charging and Control"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "Oracle Communications Offline Mediation Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "Oracle Communications Service Catalog and Design"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-33"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-34"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-35"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-36"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Operations Monitor"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26555",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26555 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-26555.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2023-26555"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-8006",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8006 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-8006"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-35164",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35164 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35164.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-35164"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-50609",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50609.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-50609"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-1948"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "description",
"text": "Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-3576 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3576.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-3576"
},
{
"cve": "CVE-2025-4373",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"title": "CWE-124"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4373 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4373"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4802",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "description",
"text": "Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4802 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4802.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5399",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5399 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5399"
},
{
"cve": "CVE-2025-5889",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5889 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5889.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7339",
"cwe": {
"id": "CWE-241",
"name": "Improper Handling of Unexpected Data Type"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Unexpected Data Type",
"title": "CWE-241"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7339 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7339.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7339"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7425 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-7962",
"cwe": {
"id": "CWE-147",
"name": "Improper Neutralization of Input Terminators"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input Terminators",
"title": "CWE-147"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-7962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8058 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8058"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-25724",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25724 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25724.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-25724"
},
{
"cve": "CVE-2025-27210",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications\u0027 Cloud Native Environment has a non-exploitable Security-in-Depth issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27210 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27210"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-27553",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27553 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27553"
},
{
"cve": "CVE-2025-27587",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "description",
"text": "OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27587 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27587"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Quantity in Input",
"title": "CWE-1284"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32415 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32728 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS\u0027s certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle\u0027s flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48989 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52999 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-53547",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53547 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53547.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53643 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53643.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54090",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "other",
"text": "Incorrect Check of Function Return Value",
"title": "CWE-253"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54090 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54090.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-54090"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-57803",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-57803 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-57803"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32",
"CSAFPID-33",
"CSAFPID-34",
"CSAFPID-35",
"CSAFPID-36"
]
}
],
"title": "CVE-2025-59375"
}
]
}
suse-su-2025:02279-1
Vulnerability from csaf_suse
Published
2025-07-10 16:03
Modified
2025-07-10 16:03
Summary
Security update for libssh
Notes
Title of the patch
Security update for libssh
Description of the patch
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
Patchnames
SUSE-2025-2279,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2279,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2279,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2279,SUSE-SUSE-MicroOS-5.1-2025-2279,SUSE-SUSE-MicroOS-5.2-2025-2279,SUSE-Storage-7.1-2025-2279
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh fixes the following issues:\n\n- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).\n- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).\n- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).\n- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2279,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2279,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2279,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2279,SUSE-SUSE-MicroOS-5.1-2025-2279,SUSE-SUSE-MicroOS-5.2-2025-2279,SUSE-Storage-7.1-2025-2279",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02279-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02279-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502279-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02279-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040681.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245309",
"url": "https://bugzilla.suse.com/1245309"
},
{
"category": "self",
"summary": "SUSE Bug 1245310",
"url": "https://bugzilla.suse.com/1245310"
},
{
"category": "self",
"summary": "SUSE Bug 1245311",
"url": "https://bugzilla.suse.com/1245311"
},
{
"category": "self",
"summary": "SUSE Bug 1245314",
"url": "https://bugzilla.suse.com/1245314"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5372/"
}
],
"title": "Security update for libssh",
"tracking": {
"current_release_date": "2025-07-10T16:03:25Z",
"generator": {
"date": "2025-07-10T16:03:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02279-1",
"initial_release_date": "2025-07-10T16:03:25Z",
"revision_history": [
{
"date": "2025-07-10T16:03:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150200.13.9.1.aarch64",
"product": {
"name": "libssh-config-0.9.8-150200.13.9.1.aarch64",
"product_id": "libssh-config-0.9.8-150200.13.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150200.13.9.1.aarch64",
"product": {
"name": "libssh-devel-0.9.8-150200.13.9.1.aarch64",
"product_id": "libssh-devel-0.9.8-150200.13.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150200.13.9.1.aarch64",
"product": {
"name": "libssh4-0.9.8-150200.13.9.1.aarch64",
"product_id": "libssh4-0.9.8-150200.13.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh4-64bit-0.9.8-150200.13.9.1.aarch64_ilp32",
"product": {
"name": "libssh4-64bit-0.9.8-150200.13.9.1.aarch64_ilp32",
"product_id": "libssh4-64bit-0.9.8-150200.13.9.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150200.13.9.1.i586",
"product": {
"name": "libssh-config-0.9.8-150200.13.9.1.i586",
"product_id": "libssh-config-0.9.8-150200.13.9.1.i586"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150200.13.9.1.i586",
"product": {
"name": "libssh-devel-0.9.8-150200.13.9.1.i586",
"product_id": "libssh-devel-0.9.8-150200.13.9.1.i586"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150200.13.9.1.i586",
"product": {
"name": "libssh4-0.9.8-150200.13.9.1.i586",
"product_id": "libssh4-0.9.8-150200.13.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150200.13.9.1.ppc64le",
"product": {
"name": "libssh-config-0.9.8-150200.13.9.1.ppc64le",
"product_id": "libssh-config-0.9.8-150200.13.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"product": {
"name": "libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"product_id": "libssh-devel-0.9.8-150200.13.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150200.13.9.1.ppc64le",
"product": {
"name": "libssh4-0.9.8-150200.13.9.1.ppc64le",
"product_id": "libssh4-0.9.8-150200.13.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150200.13.9.1.s390x",
"product": {
"name": "libssh-config-0.9.8-150200.13.9.1.s390x",
"product_id": "libssh-config-0.9.8-150200.13.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150200.13.9.1.s390x",
"product": {
"name": "libssh-devel-0.9.8-150200.13.9.1.s390x",
"product_id": "libssh-devel-0.9.8-150200.13.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150200.13.9.1.s390x",
"product": {
"name": "libssh4-0.9.8-150200.13.9.1.s390x",
"product_id": "libssh4-0.9.8-150200.13.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150200.13.9.1.x86_64",
"product": {
"name": "libssh-config-0.9.8-150200.13.9.1.x86_64",
"product_id": "libssh-config-0.9.8-150200.13.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150200.13.9.1.x86_64",
"product": {
"name": "libssh-devel-0.9.8-150200.13.9.1.x86_64",
"product_id": "libssh-devel-0.9.8-150200.13.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150200.13.9.1.x86_64",
"product": {
"name": "libssh4-0.9.8-150200.13.9.1.x86_64",
"product_id": "libssh4-0.9.8-150200.13.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"product": {
"name": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"product_id": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150200.13.9.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150200.13.9.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150200.13.9.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4877"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4877",
"url": "https://www.suse.com/security/cve/CVE-2025-4877"
},
{
"category": "external",
"summary": "SUSE Bug 1245309 for CVE-2025-4877",
"url": "https://bugzilla.suse.com/1245309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:03:25Z",
"details": "moderate"
}
],
"title": "CVE-2025-4877"
},
{
"cve": "CVE-2025-4878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4878"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4878",
"url": "https://www.suse.com/security/cve/CVE-2025-4878"
},
{
"category": "external",
"summary": "SUSE Bug 1245310 for CVE-2025-4878",
"url": "https://bugzilla.suse.com/1245310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:03:25Z",
"details": "low"
}
],
"title": "CVE-2025-4878"
},
{
"cve": "CVE-2025-5318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5318"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5318",
"url": "https://www.suse.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "SUSE Bug 1245311 for CVE-2025-5318",
"url": "https://bugzilla.suse.com/1245311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:03:25Z",
"details": "moderate"
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5372"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success\u2014the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions\u0027 confidentiality, integrity, and availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5372",
"url": "https://www.suse.com/security/cve/CVE-2025-5372"
},
{
"category": "external",
"summary": "SUSE Bug 1245314 for CVE-2025-5372",
"url": "https://bugzilla.suse.com/1245314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh4-32bit-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-config-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh-devel-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-0.9.8-150200.13.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh4-32bit-0.9.8-150200.13.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:03:25Z",
"details": "important"
}
],
"title": "CVE-2025-5372"
}
]
}
suse-su-2025:20557-1
Vulnerability from csaf_suse
Published
2025-08-14 09:26
Modified
2025-08-14 09:26
Summary
Security update for libssh
Notes
Title of the patch
Security update for libssh
Description of the patch
This update for libssh fixes the following issues:
- CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
- CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317)
- CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
- CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
- CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
- CVE-2025-5351: Double free in functions exporting keys (bsc#1245312)
Patchnames
SUSE-SLE-Micro-6.0-419
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh fixes the following issues:\n\n- CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)\n- CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317)\n- CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)\n- CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)\n- CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)\n- CVE-2025-5351: Double free in functions exporting keys (bsc#1245312)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-419",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20557-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20557-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520557-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20557-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041296.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245309",
"url": "https://bugzilla.suse.com/1245309"
},
{
"category": "self",
"summary": "SUSE Bug 1245310",
"url": "https://bugzilla.suse.com/1245310"
},
{
"category": "self",
"summary": "SUSE Bug 1245311",
"url": "https://bugzilla.suse.com/1245311"
},
{
"category": "self",
"summary": "SUSE Bug 1245312",
"url": "https://bugzilla.suse.com/1245312"
},
{
"category": "self",
"summary": "SUSE Bug 1245314",
"url": "https://bugzilla.suse.com/1245314"
},
{
"category": "self",
"summary": "SUSE Bug 1245317",
"url": "https://bugzilla.suse.com/1245317"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5351 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5987/"
}
],
"title": "Security update for libssh",
"tracking": {
"current_release_date": "2025-08-14T09:26:49Z",
"generator": {
"date": "2025-08-14T09:26:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20557-1",
"initial_release_date": "2025-08-14T09:26:49Z",
"revision_history": [
{
"date": "2025-08-14T09:26:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.10.6-2.1.aarch64",
"product": {
"name": "libssh-config-0.10.6-2.1.aarch64",
"product_id": "libssh-config-0.10.6-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh4-0.10.6-2.1.aarch64",
"product": {
"name": "libssh4-0.10.6-2.1.aarch64",
"product_id": "libssh4-0.10.6-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.10.6-2.1.s390x",
"product": {
"name": "libssh-config-0.10.6-2.1.s390x",
"product_id": "libssh-config-0.10.6-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-0.10.6-2.1.s390x",
"product": {
"name": "libssh4-0.10.6-2.1.s390x",
"product_id": "libssh4-0.10.6-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.10.6-2.1.x86_64",
"product": {
"name": "libssh-config-0.10.6-2.1.x86_64",
"product_id": "libssh-config-0.10.6-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-0.10.6-2.1.x86_64",
"product": {
"name": "libssh4-0.10.6-2.1.x86_64",
"product_id": "libssh4-0.10.6-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.10.6-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64"
},
"product_reference": "libssh-config-0.10.6-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.10.6-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x"
},
"product_reference": "libssh-config-0.10.6-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.10.6-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64"
},
"product_reference": "libssh-config-0.10.6-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.10.6-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64"
},
"product_reference": "libssh4-0.10.6-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.10.6-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x"
},
"product_reference": "libssh4-0.10.6-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.10.6-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
},
"product_reference": "libssh4-0.10.6-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4877"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it\u0027s possible that the program perform out of bounds write leading to a heap corruption.\nThis issue affects only 32-bits builds of libssh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4877",
"url": "https://www.suse.com/security/cve/CVE-2025-4877"
},
{
"category": "external",
"summary": "SUSE Bug 1245309 for CVE-2025-4877",
"url": "https://bugzilla.suse.com/1245309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T09:26:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-4877"
},
{
"cve": "CVE-2025-4878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4878"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn\u0027t exist and may lead to possible signing failures or heap corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4878",
"url": "https://www.suse.com/security/cve/CVE-2025-4878"
},
{
"category": "external",
"summary": "SUSE Bug 1245310 for CVE-2025-4878",
"url": "https://bugzilla.suse.com/1245310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T09:26:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-4878"
},
{
"cve": "CVE-2025-5318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5318"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5318",
"url": "https://www.suse.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "SUSE Bug 1245311 for CVE-2025-5318",
"url": "https://bugzilla.suse.com/1245311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T09:26:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5351"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5351",
"url": "https://www.suse.com/security/cve/CVE-2025-5351"
},
{
"category": "external",
"summary": "SUSE Bug 1245312 for CVE-2025-5351",
"url": "https://bugzilla.suse.com/1245312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T09:26:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-5351"
},
{
"cve": "CVE-2025-5372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5372"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success-the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions\u0027 confidentiality, integrity, and availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5372",
"url": "https://www.suse.com/security/cve/CVE-2025-5372"
},
{
"category": "external",
"summary": "SUSE Bug 1245314 for CVE-2025-5372",
"url": "https://bugzilla.suse.com/1245314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T09:26:49Z",
"details": "important"
}
],
"title": "CVE-2025-5372"
},
{
"cve": "CVE-2025-5987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5987"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5987",
"url": "https://www.suse.com/security/cve/CVE-2025-5987"
},
{
"category": "external",
"summary": "SUSE Bug 1245317 for CVE-2025-5987",
"url": "https://bugzilla.suse.com/1245317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh-config-0.10.6-2.1.x86_64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.aarch64",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.s390x",
"SUSE Linux Micro 6.0:libssh4-0.10.6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T09:26:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-5987"
}
]
}
suse-su-2025:02278-1
Vulnerability from csaf_suse
Published
2025-07-10 16:02
Modified
2025-07-10 16:02
Summary
Security update for libssh
Notes
Title of the patch
Security update for libssh
Description of the patch
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
Patchnames
SUSE-2025-2278,SUSE-SLE-Micro-5.3-2025-2278,SUSE-SLE-Micro-5.4-2025-2278,SUSE-SLE-Micro-5.5-2025-2278,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2278,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2278,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2278,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2278,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2278,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2278,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2278,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2278,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2278,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2278
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh fixes the following issues:\n\n- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).\n- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).\n- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).\n- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2278,SUSE-SLE-Micro-5.3-2025-2278,SUSE-SLE-Micro-5.4-2025-2278,SUSE-SLE-Micro-5.5-2025-2278,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2278,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2278,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2278,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2278,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2278,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2278,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2278,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2278,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2278,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2278",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02278-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02278-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502278-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02278-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040682.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245309",
"url": "https://bugzilla.suse.com/1245309"
},
{
"category": "self",
"summary": "SUSE Bug 1245310",
"url": "https://bugzilla.suse.com/1245310"
},
{
"category": "self",
"summary": "SUSE Bug 1245311",
"url": "https://bugzilla.suse.com/1245311"
},
{
"category": "self",
"summary": "SUSE Bug 1245314",
"url": "https://bugzilla.suse.com/1245314"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5372/"
}
],
"title": "Security update for libssh",
"tracking": {
"current_release_date": "2025-07-10T16:02:57Z",
"generator": {
"date": "2025-07-10T16:02:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02278-1",
"initial_release_date": "2025-07-10T16:02:57Z",
"revision_history": [
{
"date": "2025-07-10T16:02:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"product": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"product_id": "libssh-config-0.9.8-150400.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150400.3.9.1.aarch64",
"product": {
"name": "libssh-devel-0.9.8-150400.3.9.1.aarch64",
"product_id": "libssh-devel-0.9.8-150400.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150400.3.9.1.aarch64",
"product": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64",
"product_id": "libssh4-0.9.8-150400.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh4-64bit-0.9.8-150400.3.9.1.aarch64_ilp32",
"product": {
"name": "libssh4-64bit-0.9.8-150400.3.9.1.aarch64_ilp32",
"product_id": "libssh4-64bit-0.9.8-150400.3.9.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150400.3.9.1.i586",
"product": {
"name": "libssh-config-0.9.8-150400.3.9.1.i586",
"product_id": "libssh-config-0.9.8-150400.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150400.3.9.1.i586",
"product": {
"name": "libssh-devel-0.9.8-150400.3.9.1.i586",
"product_id": "libssh-devel-0.9.8-150400.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150400.3.9.1.i586",
"product": {
"name": "libssh4-0.9.8-150400.3.9.1.i586",
"product_id": "libssh4-0.9.8-150400.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150400.3.9.1.ppc64le",
"product": {
"name": "libssh-config-0.9.8-150400.3.9.1.ppc64le",
"product_id": "libssh-config-0.9.8-150400.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"product": {
"name": "libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"product_id": "libssh-devel-0.9.8-150400.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150400.3.9.1.ppc64le",
"product": {
"name": "libssh4-0.9.8-150400.3.9.1.ppc64le",
"product_id": "libssh4-0.9.8-150400.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150400.3.9.1.s390x",
"product": {
"name": "libssh-config-0.9.8-150400.3.9.1.s390x",
"product_id": "libssh-config-0.9.8-150400.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150400.3.9.1.s390x",
"product": {
"name": "libssh-devel-0.9.8-150400.3.9.1.s390x",
"product_id": "libssh-devel-0.9.8-150400.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150400.3.9.1.s390x",
"product": {
"name": "libssh4-0.9.8-150400.3.9.1.s390x",
"product_id": "libssh4-0.9.8-150400.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"product": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"product_id": "libssh-config-0.9.8-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"product": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"product_id": "libssh-devel-0.9.8-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150400.3.9.1.x86_64",
"product": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64",
"product_id": "libssh4-0.9.8-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"product": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"product_id": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150400.3.9.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150400.3.9.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150400.3.9.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4877"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4877",
"url": "https://www.suse.com/security/cve/CVE-2025-4877"
},
{
"category": "external",
"summary": "SUSE Bug 1245309 for CVE-2025-4877",
"url": "https://bugzilla.suse.com/1245309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:02:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-4877"
},
{
"cve": "CVE-2025-4878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4878"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4878",
"url": "https://www.suse.com/security/cve/CVE-2025-4878"
},
{
"category": "external",
"summary": "SUSE Bug 1245310 for CVE-2025-4878",
"url": "https://bugzilla.suse.com/1245310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:02:57Z",
"details": "low"
}
],
"title": "CVE-2025-4878"
},
{
"cve": "CVE-2025-5318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5318"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5318",
"url": "https://www.suse.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "SUSE Bug 1245311 for CVE-2025-5318",
"url": "https://bugzilla.suse.com/1245311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:02:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5372"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success\u2014the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions\u0027 confidentiality, integrity, and availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5372",
"url": "https://www.suse.com/security/cve/CVE-2025-5372"
},
{
"category": "external",
"summary": "SUSE Bug 1245314 for CVE-2025-5372",
"url": "https://bugzilla.suse.com/1245314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-config-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh-devel-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.ppc64le",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.s390x",
"SUSE Manager Server 4.3:libssh4-0.9.8-150400.3.9.1.x86_64",
"SUSE Manager Server 4.3:libssh4-32bit-0.9.8-150400.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:02:57Z",
"details": "important"
}
],
"title": "CVE-2025-5372"
}
]
}
suse-su-2025:02755-1
Vulnerability from csaf_suse
Published
2025-08-12 07:35
Modified
2025-08-12 07:35
Summary
Security update for libssh
Notes
Title of the patch
Security update for libssh
Description of the patch
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
Patchnames
SUSE-2025-2755,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2755,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2755
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh fixes the following issues:\n\n- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).\n- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).\n- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2755,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2755,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2755",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02755-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02755-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502755-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02755-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041165.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245309",
"url": "https://bugzilla.suse.com/1245309"
},
{
"category": "self",
"summary": "SUSE Bug 1245310",
"url": "https://bugzilla.suse.com/1245310"
},
{
"category": "self",
"summary": "SUSE Bug 1245311",
"url": "https://bugzilla.suse.com/1245311"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5318/"
}
],
"title": "Security update for libssh",
"tracking": {
"current_release_date": "2025-08-12T07:35:23Z",
"generator": {
"date": "2025-08-12T07:35:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02755-1",
"initial_release_date": "2025-08-12T07:35:23Z",
"revision_history": [
{
"date": "2025-08-12T07:35:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0.6.3-12.15.1.aarch64",
"product": {
"name": "libssh-devel-0.6.3-12.15.1.aarch64",
"product_id": "libssh-devel-0.6.3-12.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh-devel-doc-0.6.3-12.15.1.aarch64",
"product": {
"name": "libssh-devel-doc-0.6.3-12.15.1.aarch64",
"product_id": "libssh-devel-doc-0.6.3-12.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh4-0.6.3-12.15.1.aarch64",
"product": {
"name": "libssh4-0.6.3-12.15.1.aarch64",
"product_id": "libssh4-0.6.3-12.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh4-64bit-0.6.3-12.15.1.aarch64_ilp32",
"product": {
"name": "libssh4-64bit-0.6.3-12.15.1.aarch64_ilp32",
"product_id": "libssh4-64bit-0.6.3-12.15.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0.6.3-12.15.1.i586",
"product": {
"name": "libssh-devel-0.6.3-12.15.1.i586",
"product_id": "libssh-devel-0.6.3-12.15.1.i586"
}
},
{
"category": "product_version",
"name": "libssh-devel-doc-0.6.3-12.15.1.i586",
"product": {
"name": "libssh-devel-doc-0.6.3-12.15.1.i586",
"product_id": "libssh-devel-doc-0.6.3-12.15.1.i586"
}
},
{
"category": "product_version",
"name": "libssh4-0.6.3-12.15.1.i586",
"product": {
"name": "libssh4-0.6.3-12.15.1.i586",
"product_id": "libssh4-0.6.3-12.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0.6.3-12.15.1.ppc64le",
"product": {
"name": "libssh-devel-0.6.3-12.15.1.ppc64le",
"product_id": "libssh-devel-0.6.3-12.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"product": {
"name": "libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"product_id": "libssh-devel-doc-0.6.3-12.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh4-0.6.3-12.15.1.ppc64le",
"product": {
"name": "libssh4-0.6.3-12.15.1.ppc64le",
"product_id": "libssh4-0.6.3-12.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0.6.3-12.15.1.s390",
"product": {
"name": "libssh-devel-0.6.3-12.15.1.s390",
"product_id": "libssh-devel-0.6.3-12.15.1.s390"
}
},
{
"category": "product_version",
"name": "libssh-devel-doc-0.6.3-12.15.1.s390",
"product": {
"name": "libssh-devel-doc-0.6.3-12.15.1.s390",
"product_id": "libssh-devel-doc-0.6.3-12.15.1.s390"
}
},
{
"category": "product_version",
"name": "libssh4-0.6.3-12.15.1.s390",
"product": {
"name": "libssh4-0.6.3-12.15.1.s390",
"product_id": "libssh4-0.6.3-12.15.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0.6.3-12.15.1.s390x",
"product": {
"name": "libssh-devel-0.6.3-12.15.1.s390x",
"product_id": "libssh-devel-0.6.3-12.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh-devel-doc-0.6.3-12.15.1.s390x",
"product": {
"name": "libssh-devel-doc-0.6.3-12.15.1.s390x",
"product_id": "libssh-devel-doc-0.6.3-12.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-0.6.3-12.15.1.s390x",
"product": {
"name": "libssh4-0.6.3-12.15.1.s390x",
"product_id": "libssh4-0.6.3-12.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.6.3-12.15.1.s390x",
"product": {
"name": "libssh4-32bit-0.6.3-12.15.1.s390x",
"product_id": "libssh4-32bit-0.6.3-12.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-devel-0.6.3-12.15.1.x86_64",
"product": {
"name": "libssh-devel-0.6.3-12.15.1.x86_64",
"product_id": "libssh-devel-0.6.3-12.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh-devel-doc-0.6.3-12.15.1.x86_64",
"product": {
"name": "libssh-devel-doc-0.6.3-12.15.1.x86_64",
"product_id": "libssh-devel-doc-0.6.3-12.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-0.6.3-12.15.1.x86_64",
"product": {
"name": "libssh4-0.6.3-12.15.1.x86_64",
"product_id": "libssh4-0.6.3-12.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.6.3-12.15.1.x86_64",
"product": {
"name": "libssh4-32bit-0.6.3-12.15.1.x86_64",
"product_id": "libssh4-32bit-0.6.3-12.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-doc-0.6.3-12.15.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64"
},
"product_reference": "libssh-devel-doc-0.6.3-12.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-doc-0.6.3-12.15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le"
},
"product_reference": "libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-doc-0.6.3-12.15.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x"
},
"product_reference": "libssh-devel-doc-0.6.3-12.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-doc-0.6.3-12.15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64"
},
"product_reference": "libssh-devel-doc-0.6.3-12.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-doc-0.6.3-12.15.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
},
"product_reference": "libssh-devel-doc-0.6.3-12.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4877"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4877",
"url": "https://www.suse.com/security/cve/CVE-2025-4877"
},
{
"category": "external",
"summary": "SUSE Bug 1245309 for CVE-2025-4877",
"url": "https://bugzilla.suse.com/1245309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T07:35:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-4877"
},
{
"cve": "CVE-2025-4878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4878"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn\u0027t exist and may lead to possible signing failures or heap corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4878",
"url": "https://www.suse.com/security/cve/CVE-2025-4878"
},
{
"category": "external",
"summary": "SUSE Bug 1245310 for CVE-2025-4878",
"url": "https://bugzilla.suse.com/1245310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T07:35:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-4878"
},
{
"cve": "CVE-2025-5318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5318"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5318",
"url": "https://www.suse.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "SUSE Bug 1245311 for CVE-2025-5318",
"url": "https://bugzilla.suse.com/1245311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-doc-0.6.3-12.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-doc-0.6.3-12.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T07:35:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-5318"
}
]
}
suse-su-2025:20596-1
Vulnerability from csaf_suse
Published
2025-08-14 10:14
Modified
2025-08-14 10:14
Summary
Security update for libssh
Notes
Title of the patch
Security update for libssh
Description of the patch
This update for libssh fixes the following issues:
- CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
- CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317)
- CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
- CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
- CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
- CVE-2025-5351: Double free in functions exporting keys (bsc#1245312)
Patchnames
SUSE-SLE-Micro-6.1-213
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh fixes the following issues:\n\n- CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)\n- CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317)\n- CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)\n- CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)\n- CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)\n- CVE-2025-5351: Double free in functions exporting keys (bsc#1245312)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-213",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20596-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20596-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520596-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20596-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022366.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245309",
"url": "https://bugzilla.suse.com/1245309"
},
{
"category": "self",
"summary": "SUSE Bug 1245310",
"url": "https://bugzilla.suse.com/1245310"
},
{
"category": "self",
"summary": "SUSE Bug 1245311",
"url": "https://bugzilla.suse.com/1245311"
},
{
"category": "self",
"summary": "SUSE Bug 1245312",
"url": "https://bugzilla.suse.com/1245312"
},
{
"category": "self",
"summary": "SUSE Bug 1245314",
"url": "https://bugzilla.suse.com/1245314"
},
{
"category": "self",
"summary": "SUSE Bug 1245317",
"url": "https://bugzilla.suse.com/1245317"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5351 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5987/"
}
],
"title": "Security update for libssh",
"tracking": {
"current_release_date": "2025-08-14T10:14:25Z",
"generator": {
"date": "2025-08-14T10:14:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20596-1",
"initial_release_date": "2025-08-14T10:14:25Z",
"revision_history": [
{
"date": "2025-08-14T10:14:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"product": {
"name": "libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"product_id": "libssh-config-0.10.6-slfo.1.1_2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"product": {
"name": "libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"product_id": "libssh4-0.10.6-slfo.1.1_2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"product": {
"name": "libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"product_id": "libssh-config-0.10.6-slfo.1.1_2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"product": {
"name": "libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"product_id": "libssh4-0.10.6-slfo.1.1_2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"product": {
"name": "libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"product_id": "libssh-config-0.10.6-slfo.1.1_2.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-0.10.6-slfo.1.1_2.1.s390x",
"product": {
"name": "libssh4-0.10.6-slfo.1.1_2.1.s390x",
"product_id": "libssh4-0.10.6-slfo.1.1_2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"product": {
"name": "libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"product_id": "libssh-config-0.10.6-slfo.1.1_2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-0.10.6-slfo.1.1_2.1.x86_64",
"product": {
"name": "libssh4-0.10.6-slfo.1.1_2.1.x86_64",
"product_id": "libssh4-0.10.6-slfo.1.1_2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.10.6-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64"
},
"product_reference": "libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.10.6-slfo.1.1_2.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le"
},
"product_reference": "libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.10.6-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x"
},
"product_reference": "libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.10.6-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64"
},
"product_reference": "libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.10.6-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64"
},
"product_reference": "libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.10.6-slfo.1.1_2.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le"
},
"product_reference": "libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.10.6-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x"
},
"product_reference": "libssh4-0.10.6-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.10.6-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
},
"product_reference": "libssh4-0.10.6-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4877"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it\u0027s possible that the program perform out of bounds write leading to a heap corruption.\nThis issue affects only 32-bits builds of libssh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4877",
"url": "https://www.suse.com/security/cve/CVE-2025-4877"
},
{
"category": "external",
"summary": "SUSE Bug 1245309 for CVE-2025-4877",
"url": "https://bugzilla.suse.com/1245309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:14:25Z",
"details": "moderate"
}
],
"title": "CVE-2025-4877"
},
{
"cve": "CVE-2025-4878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4878"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn\u0027t exist and may lead to possible signing failures or heap corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4878",
"url": "https://www.suse.com/security/cve/CVE-2025-4878"
},
{
"category": "external",
"summary": "SUSE Bug 1245310 for CVE-2025-4878",
"url": "https://bugzilla.suse.com/1245310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:14:25Z",
"details": "moderate"
}
],
"title": "CVE-2025-4878"
},
{
"cve": "CVE-2025-5318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5318"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5318",
"url": "https://www.suse.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "SUSE Bug 1245311 for CVE-2025-5318",
"url": "https://bugzilla.suse.com/1245311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:14:25Z",
"details": "moderate"
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5351"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5351",
"url": "https://www.suse.com/security/cve/CVE-2025-5351"
},
{
"category": "external",
"summary": "SUSE Bug 1245312 for CVE-2025-5351",
"url": "https://bugzilla.suse.com/1245312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:14:25Z",
"details": "moderate"
}
],
"title": "CVE-2025-5351"
},
{
"cve": "CVE-2025-5372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5372"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success-the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions\u0027 confidentiality, integrity, and availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5372",
"url": "https://www.suse.com/security/cve/CVE-2025-5372"
},
{
"category": "external",
"summary": "SUSE Bug 1245314 for CVE-2025-5372",
"url": "https://bugzilla.suse.com/1245314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:14:25Z",
"details": "important"
}
],
"title": "CVE-2025-5372"
},
{
"cve": "CVE-2025-5987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5987"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5987",
"url": "https://www.suse.com/security/cve/CVE-2025-5987"
},
{
"category": "external",
"summary": "SUSE Bug 1245317 for CVE-2025-5987",
"url": "https://bugzilla.suse.com/1245317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh-config-0.10.6-slfo.1.1_2.1.x86_64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libssh4-0.10.6-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T10:14:25Z",
"details": "moderate"
}
],
"title": "CVE-2025-5987"
}
]
}
suse-su-2025:02281-1
Vulnerability from csaf_suse
Published
2025-07-10 16:05
Modified
2025-07-10 16:05
Summary
Security update for libssh
Notes
Title of the patch
Security update for libssh
Description of the patch
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
Patchnames
SUSE-2025-2281,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2281,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2281
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh fixes the following issues:\n\n- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).\n- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).\n- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).\n- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2281,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2281,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2281",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02281-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02281-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502281-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02281-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040679.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245309",
"url": "https://bugzilla.suse.com/1245309"
},
{
"category": "self",
"summary": "SUSE Bug 1245310",
"url": "https://bugzilla.suse.com/1245310"
},
{
"category": "self",
"summary": "SUSE Bug 1245311",
"url": "https://bugzilla.suse.com/1245311"
},
{
"category": "self",
"summary": "SUSE Bug 1245314",
"url": "https://bugzilla.suse.com/1245314"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5372/"
}
],
"title": "Security update for libssh",
"tracking": {
"current_release_date": "2025-07-10T16:05:33Z",
"generator": {
"date": "2025-07-10T16:05:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02281-1",
"initial_release_date": "2025-07-10T16:05:33Z",
"revision_history": [
{
"date": "2025-07-10T16:05:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-3.15.1.aarch64",
"product": {
"name": "libssh-config-0.9.8-3.15.1.aarch64",
"product_id": "libssh-config-0.9.8-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-3.15.1.aarch64",
"product": {
"name": "libssh-devel-0.9.8-3.15.1.aarch64",
"product_id": "libssh-devel-0.9.8-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-3.15.1.aarch64",
"product": {
"name": "libssh4-0.9.8-3.15.1.aarch64",
"product_id": "libssh4-0.9.8-3.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh4-64bit-0.9.8-3.15.1.aarch64_ilp32",
"product": {
"name": "libssh4-64bit-0.9.8-3.15.1.aarch64_ilp32",
"product_id": "libssh4-64bit-0.9.8-3.15.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-3.15.1.i586",
"product": {
"name": "libssh-config-0.9.8-3.15.1.i586",
"product_id": "libssh-config-0.9.8-3.15.1.i586"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-3.15.1.i586",
"product": {
"name": "libssh-devel-0.9.8-3.15.1.i586",
"product_id": "libssh-devel-0.9.8-3.15.1.i586"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-3.15.1.i586",
"product": {
"name": "libssh4-0.9.8-3.15.1.i586",
"product_id": "libssh4-0.9.8-3.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-3.15.1.ppc64le",
"product": {
"name": "libssh-config-0.9.8-3.15.1.ppc64le",
"product_id": "libssh-config-0.9.8-3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-3.15.1.ppc64le",
"product": {
"name": "libssh-devel-0.9.8-3.15.1.ppc64le",
"product_id": "libssh-devel-0.9.8-3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-3.15.1.ppc64le",
"product": {
"name": "libssh4-0.9.8-3.15.1.ppc64le",
"product_id": "libssh4-0.9.8-3.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-3.15.1.s390",
"product": {
"name": "libssh-config-0.9.8-3.15.1.s390",
"product_id": "libssh-config-0.9.8-3.15.1.s390"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-3.15.1.s390",
"product": {
"name": "libssh-devel-0.9.8-3.15.1.s390",
"product_id": "libssh-devel-0.9.8-3.15.1.s390"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-3.15.1.s390",
"product": {
"name": "libssh4-0.9.8-3.15.1.s390",
"product_id": "libssh4-0.9.8-3.15.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-3.15.1.s390x",
"product": {
"name": "libssh-config-0.9.8-3.15.1.s390x",
"product_id": "libssh-config-0.9.8-3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-3.15.1.s390x",
"product": {
"name": "libssh-devel-0.9.8-3.15.1.s390x",
"product_id": "libssh-devel-0.9.8-3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-3.15.1.s390x",
"product": {
"name": "libssh4-0.9.8-3.15.1.s390x",
"product_id": "libssh4-0.9.8-3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.9.8-3.15.1.s390x",
"product": {
"name": "libssh4-32bit-0.9.8-3.15.1.s390x",
"product_id": "libssh4-32bit-0.9.8-3.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-3.15.1.x86_64",
"product": {
"name": "libssh-config-0.9.8-3.15.1.x86_64",
"product_id": "libssh-config-0.9.8-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-3.15.1.x86_64",
"product": {
"name": "libssh-devel-0.9.8-3.15.1.x86_64",
"product_id": "libssh-devel-0.9.8-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-3.15.1.x86_64",
"product": {
"name": "libssh4-0.9.8-3.15.1.x86_64",
"product_id": "libssh4-0.9.8-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.9.8-3.15.1.x86_64",
"product": {
"name": "libssh4-32bit-0.9.8-3.15.1.x86_64",
"product_id": "libssh4-32bit-0.9.8-3.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-3.15.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-3.15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-3.15.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x"
},
"product_reference": "libssh-config-0.9.8-3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-3.15.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-3.15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-3.15.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x"
},
"product_reference": "libssh-devel-0.9.8-3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-3.15.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64"
},
"product_reference": "libssh4-0.9.8-3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-3.15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-3.15.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x"
},
"product_reference": "libssh4-0.9.8-3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64"
},
"product_reference": "libssh4-0.9.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-3.15.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x"
},
"product_reference": "libssh4-32bit-0.9.8-3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64"
},
"product_reference": "libssh4-0.9.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4877"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4877",
"url": "https://www.suse.com/security/cve/CVE-2025-4877"
},
{
"category": "external",
"summary": "SUSE Bug 1245309 for CVE-2025-4877",
"url": "https://bugzilla.suse.com/1245309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:05:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-4877"
},
{
"cve": "CVE-2025-4878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4878"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4878",
"url": "https://www.suse.com/security/cve/CVE-2025-4878"
},
{
"category": "external",
"summary": "SUSE Bug 1245310 for CVE-2025-4878",
"url": "https://bugzilla.suse.com/1245310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:05:33Z",
"details": "low"
}
],
"title": "CVE-2025-4878"
},
{
"cve": "CVE-2025-5318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5318"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5318",
"url": "https://www.suse.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "SUSE Bug 1245311 for CVE-2025-5318",
"url": "https://bugzilla.suse.com/1245311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:05:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5372"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success\u2014the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions\u0027 confidentiality, integrity, and availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5372",
"url": "https://www.suse.com/security/cve/CVE-2025-5372"
},
{
"category": "external",
"summary": "SUSE Bug 1245314 for CVE-2025-5372",
"url": "https://bugzilla.suse.com/1245314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libssh4-32bit-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-config-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh-devel-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-0.9.8-3.15.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libssh4-32bit-0.9.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-10T16:05:33Z",
"details": "important"
}
],
"title": "CVE-2025-5372"
}
]
}
suse-su-2025:02229-1
Vulnerability from csaf_suse
Published
2025-07-04 16:02
Modified
2025-07-04 16:02
Summary
Security update for libssh
Notes
Title of the patch
Security update for libssh
Description of the patch
This update for libssh fixes the following issues:
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314).
Patchnames
SUSE-2025-2229,SUSE-SLE-Module-Basesystem-15-SP6-2025-2229,SUSE-SLE-Module-Basesystem-15-SP7-2025-2229,openSUSE-SLE-15.6-2025-2229
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh fixes the following issues:\n\n- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).\n- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).\n- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).\n- CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2229,SUSE-SLE-Module-Basesystem-15-SP6-2025-2229,SUSE-SLE-Module-Basesystem-15-SP7-2025-2229,openSUSE-SLE-15.6-2025-2229",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02229-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02229-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502229-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02229-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040622.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245309",
"url": "https://bugzilla.suse.com/1245309"
},
{
"category": "self",
"summary": "SUSE Bug 1245310",
"url": "https://bugzilla.suse.com/1245310"
},
{
"category": "self",
"summary": "SUSE Bug 1245311",
"url": "https://bugzilla.suse.com/1245311"
},
{
"category": "self",
"summary": "SUSE Bug 1245314",
"url": "https://bugzilla.suse.com/1245314"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5318 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5372/"
}
],
"title": "Security update for libssh",
"tracking": {
"current_release_date": "2025-07-04T16:02:31Z",
"generator": {
"date": "2025-07-04T16:02:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02229-1",
"initial_release_date": "2025-07-04T16:02:31Z",
"revision_history": [
{
"date": "2025-07-04T16:02:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150600.11.3.1.aarch64",
"product": {
"name": "libssh-config-0.9.8-150600.11.3.1.aarch64",
"product_id": "libssh-config-0.9.8-150600.11.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150600.11.3.1.aarch64",
"product": {
"name": "libssh-devel-0.9.8-150600.11.3.1.aarch64",
"product_id": "libssh-devel-0.9.8-150600.11.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150600.11.3.1.aarch64",
"product": {
"name": "libssh4-0.9.8-150600.11.3.1.aarch64",
"product_id": "libssh4-0.9.8-150600.11.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh4-64bit-0.9.8-150600.11.3.1.aarch64_ilp32",
"product": {
"name": "libssh4-64bit-0.9.8-150600.11.3.1.aarch64_ilp32",
"product_id": "libssh4-64bit-0.9.8-150600.11.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150600.11.3.1.i586",
"product": {
"name": "libssh-config-0.9.8-150600.11.3.1.i586",
"product_id": "libssh-config-0.9.8-150600.11.3.1.i586"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150600.11.3.1.i586",
"product": {
"name": "libssh-devel-0.9.8-150600.11.3.1.i586",
"product_id": "libssh-devel-0.9.8-150600.11.3.1.i586"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150600.11.3.1.i586",
"product": {
"name": "libssh4-0.9.8-150600.11.3.1.i586",
"product_id": "libssh4-0.9.8-150600.11.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150600.11.3.1.ppc64le",
"product": {
"name": "libssh-config-0.9.8-150600.11.3.1.ppc64le",
"product_id": "libssh-config-0.9.8-150600.11.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"product": {
"name": "libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"product_id": "libssh-devel-0.9.8-150600.11.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150600.11.3.1.ppc64le",
"product": {
"name": "libssh4-0.9.8-150600.11.3.1.ppc64le",
"product_id": "libssh4-0.9.8-150600.11.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150600.11.3.1.s390x",
"product": {
"name": "libssh-config-0.9.8-150600.11.3.1.s390x",
"product_id": "libssh-config-0.9.8-150600.11.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150600.11.3.1.s390x",
"product": {
"name": "libssh-devel-0.9.8-150600.11.3.1.s390x",
"product_id": "libssh-devel-0.9.8-150600.11.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150600.11.3.1.s390x",
"product": {
"name": "libssh4-0.9.8-150600.11.3.1.s390x",
"product_id": "libssh4-0.9.8-150600.11.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh-config-0.9.8-150600.11.3.1.x86_64",
"product": {
"name": "libssh-config-0.9.8-150600.11.3.1.x86_64",
"product_id": "libssh-config-0.9.8-150600.11.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh-devel-0.9.8-150600.11.3.1.x86_64",
"product": {
"name": "libssh-devel-0.9.8-150600.11.3.1.x86_64",
"product_id": "libssh-devel-0.9.8-150600.11.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-0.9.8-150600.11.3.1.x86_64",
"product": {
"name": "libssh4-0.9.8-150600.11.3.1.x86_64",
"product_id": "libssh4-0.9.8-150600.11.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"product": {
"name": "libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"product_id": "libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150600.11.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150600.11.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-config-0.9.8-150600.11.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh-config-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh-devel-0.9.8-150600.11.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh-devel-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-0.9.8-150600.11.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh4-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh4-32bit-0.9.8-150600.11.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
},
"product_reference": "libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4877"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it\u0027s possible that the program perform out of bounds write leading to a heap corruption.\nThis issue affects only 32-bits builds of libssh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4877",
"url": "https://www.suse.com/security/cve/CVE-2025-4877"
},
{
"category": "external",
"summary": "SUSE Bug 1245309 for CVE-2025-4877",
"url": "https://bugzilla.suse.com/1245309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-04T16:02:31Z",
"details": "moderate"
}
],
"title": "CVE-2025-4877"
},
{
"cve": "CVE-2025-4878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4878"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn\u0027t exist and may lead to possible signing failures or heap corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4878",
"url": "https://www.suse.com/security/cve/CVE-2025-4878"
},
{
"category": "external",
"summary": "SUSE Bug 1245310 for CVE-2025-4878",
"url": "https://bugzilla.suse.com/1245310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-04T16:02:31Z",
"details": "moderate"
}
],
"title": "CVE-2025-4878"
},
{
"cve": "CVE-2025-5318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5318"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5318",
"url": "https://www.suse.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "SUSE Bug 1245311 for CVE-2025-5318",
"url": "https://bugzilla.suse.com/1245311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-04T16:02:31Z",
"details": "moderate"
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5372"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success-the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions\u0027 confidentiality, integrity, and availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5372",
"url": "https://www.suse.com/security/cve/CVE-2025-5372"
},
{
"category": "external",
"summary": "SUSE Bug 1245314 for CVE-2025-5372",
"url": "https://bugzilla.suse.com/1245314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-config-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-0.9.8-150600.11.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libssh4-32bit-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-config-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh-devel-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.aarch64",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.ppc64le",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.s390x",
"openSUSE Leap 15.6:libssh4-0.9.8-150600.11.3.1.x86_64",
"openSUSE Leap 15.6:libssh4-32bit-0.9.8-150600.11.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-04T16:02:31Z",
"details": "important"
}
],
"title": "CVE-2025-5372"
}
]
}
fkie_cve-2025-5318
Vulnerability from fkie_nvd
Published
2025-06-24 14:15
Modified
2025-11-11 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:18231 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:18275 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:18286 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19012 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19098 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19101 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19295 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19300 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19313 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19400 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19401 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19470 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19472 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:19807 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:20943 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:21013 | ||
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2025-5318 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2369131 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://www.libssh.org/security/advisories/CVE-2025-5318.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift_container_platform | 4.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux | 10.0 | |
| libssh | libssh | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E05F605-6E29-4F09-96DF-A1E1B29D0C3C",
"versionEndExcluding": "0.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en la librer\u00eda libssh. Una lectura fuera de los l\u00edmites puede activarse en la funci\u00f3n sftp_handle debido a una comprobaci\u00f3n de comparaci\u00f3n incorrecta que permite que la funci\u00f3n acceda a memoria m\u00e1s all\u00e1 de la lista de manejadores v\u00e1lidos y devuelva un puntero no v\u00e1lido, que se utiliza en el procesamiento posterior. Esta vulnerabilidad permite que un atacante remoto autenticado lea regiones de memoria no deseadas, exponiendo informaci\u00f3n confidencial o afectando el comportamiento del servicio."
}
],
"id": "CVE-2025-5318",
"lastModified": "2025-11-11T21:15:39.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-24T14:15:30.523",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18231"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18275"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18286"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19012"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19098"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19101"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:19295"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:19300"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:19313"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:19400"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:19401"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:19470"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:19472"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:19807"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:20943"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:21013"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
msrc_cve-2025-5318
Vulnerability from csaf_microsoft
Published
2025-06-02 00:00
Modified
2025-07-18 00:00
Summary
Libssh: out-of-bounds read in sftp_handle()
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 Libssh: out-of-bounds read in sftp_handle() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-5318.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Libssh: out-of-bounds read in sftp_handle()",
"tracking": {
"current_release_date": "2025-07-18T00:00:00.000Z",
"generator": {
"date": "2025-10-20T03:23:37.600Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-5318",
"initial_release_date": "2025-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-07-17T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-07-18T00:00:00.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Added libssh to CBL-Mariner 2.0\nAdded libssh to Azure Linux 3.0"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 libssh 0.10.6-2",
"product": {
"name": "\u003ccbl2 libssh 0.10.6-2",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 libssh 0.10.6-2",
"product": {
"name": "cbl2 libssh 0.10.6-2",
"product_id": "19574"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libssh 0.10.6-2",
"product": {
"name": "\u003cazl3 libssh 0.10.6-2",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 libssh 0.10.6-2",
"product": {
"name": "azl3 libssh 0.10.6-2",
"product_id": "19623"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libssh 0.10.6-1",
"product": {
"name": "\u003cazl3 libssh 0.10.6-1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "azl3 libssh 0.10.6-1",
"product": {
"name": "azl3 libssh 0.10.6-1",
"product_id": "18214"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 libssh 0.10.6-1",
"product": {
"name": "\u003ccbl2 libssh 0.10.6-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 libssh 0.10.6-1",
"product": {
"name": "cbl2 libssh 0.10.6-1",
"product_id": "20179"
}
}
],
"category": "product_name",
"name": "libssh"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libssh 0.10.6-2 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libssh 0.10.6-2 as a component of CBL Mariner 2.0",
"product_id": "19574-17086"
},
"product_reference": "19574",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libssh 0.10.6-2 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libssh 0.10.6-2 as a component of Azure Linux 3.0",
"product_id": "19623-17084"
},
"product_reference": "19623",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libssh 0.10.6-1 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libssh 0.10.6-1 as a component of Azure Linux 3.0",
"product_id": "18214-17084"
},
"product_reference": "18214",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libssh 0.10.6-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libssh 0.10.6-1 as a component of CBL Mariner 2.0",
"product_id": "20179-17086"
},
"product_reference": "20179",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19574-17086",
"19623-17084",
"18214-17084",
"20179-17086"
],
"known_affected": [
"17086-3",
"17084-2",
"17084-4",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 Libssh: out-of-bounds read in sftp_handle() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-5318.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-17T00:00:00.000Z",
"details": "0.10.6-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3",
"17084-2",
"17084-4",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"17086-3",
"17084-2",
"17084-4",
"17086-1"
]
}
],
"title": "Libssh: out-of-bounds read in sftp_handle()"
}
]
}
ghsa-98qw-prqm-9f4p
Vulnerability from github
Published
2025-06-26 21:31
Modified
2025-11-11 21:30
Severity ?
VLAI Severity ?
Details
A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
{
"affected": [],
"aliases": [
"CVE-2025-5318"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-24T14:15:30Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"id": "GHSA-98qw-prqm-9f4p",
"modified": "2025-11-11T21:30:27Z",
"published": "2025-06-26T21:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"type": "WEB",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21013"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:20943"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19807"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19472"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19470"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19401"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19400"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19313"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19300"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19295"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19101"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19098"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19012"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:18286"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:18275"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:18231"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…