csaf_opensuse - opensuse-su-2025:20160-1

opensuse-su-2025:20160-1

Vulnerability from csaf_opensuse

Published

2025-12-12 13:20

Modified

2025-12-12 13:20

Summary

Security update for hauler

Notes

Title of the patch

Security update for hauler

Description of the patch

This update for hauler fixes the following issues: - Update to version 1.3.1 (bsc#1251516, CVE-2025-47911, bsc#1251891, CVE-2025-11579, bsc#1251651, CVE-2025-58190, bsc#1248937, CVE-2025-58058): * bump github.com/containerd/containerd (#474) * another fix to tests for new tests (#472) * fixed typo in testdata (#471) * fixed/cleaned new tests (#470) * trying a new way for hauler testing (#467) * update for cosign v3 verify (#469) * added digests view to info (#465) * bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 in the go_modules group across 1 directory (#457) * update oras-go to v1.2.7 for security patches (#464) * update cosign to v3.0.2+hauler.1 (#463) * fixed homebrew directory deprecation (#462) * add registry logout command (#460) - Update to version 1.3.0: * bump the go_modules group across 1 directory with 2 updates (#455) * upgraded versions/dependencies/deprecations (#454) * allow loading of docker tarballs (#452) * bump the go_modules group across 1 directory with 2 updates (#449) - update to 1.2.5 (bsc#1246722, CVE-2025-46569): * Bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in the go_modules group across 1 directory (CVE-2025-46569) * deprecate auth from hauler store copy * Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in the go_modules group across 1 directory * Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in the go_modules group across 1 directory * upgraded go and dependencies versions - Update to version 1.2.5: * upgraded go and dependencies versions (#444) * Bump github.com/go-viper/mapstructure/v2 (#442) * bump github.com/cloudflare/circl (#441) * deprecate auth from hauler store copy (#440) * Bump github.com/open-policy-agent/opa (#438) - update to 1.2.4 (CVE-2025-22872, bsc#1241804): * Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group across 1 directory * minor tests updates - Update to version 1.2.3: * formatting and flag text updates * add keyless signature verification (#434) * bump helm.sh/helm/v3 in the go_modules group across 1 directory (#430) * add --only flag to hauler store copy (for images) (#429) * fix tlog verification error/warning output (#428) - Update to version 1.2.2 (bsc#1241184, CVE-2024-0406): * cleanup new tlog flag typos and add shorthand (#426) * default public transparency log verification to false to be airgap friendly but allow override (#425) * bump github.com/golang-jwt/jwt/v4 (#423) * bump the go_modules group across 1 directory with 2 updates (#422) * bump github.com/go-jose/go-jose/v3 (#417) * bump github.com/go-jose/go-jose/v4 (#415) * clear default manifest name if product flag used with sync (#412) * updates for v1.2.0 (#408) * fixed remote code (#407) * added remote file fetch to load (#406) * added remote and multiple file fetch to sync (#405) * updated save flag and related logs (#404) * updated load flag and related logs [breaking change] (#403) * updated sync flag and related logs [breaking change] (#402) * upgraded api update to v1/updated dependencies (#400) * fixed consts for oci declarations (#398) * fix for correctly grabbing platform post cosign 2.4 updates (#393) * use cosign v2.4.1+carbide.2 to address containerd annotation in index.json (#390) * Bump the go_modules group across 1 directory with 2 updates (#385) * replace mholt/archiver with mholt/archives (#384) * forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383) * cleaned up registry and improved logging (#378) * Bump golang.org/x/crypto in the go_modules group across 1 directory (#377) - bump net/html dependencies (bsc#1235332, CVE-2024-45338) - Update to version 1.1.1: * fixed cli desc for store env var (#374) * updated versions for go/k8s/helm (#373) * updated version flag to internal/flags (#369) * renamed incorrectly named consts (#371) * added store env var (#370) * adding ignore errors and retries for continue on error/fail on error (#368) * updated/fixed hauler directory (#354) * standardize consts (#353) * removed cachedir code (#355) * removed k3s code (#352) * updated dependencies for go, helm, and k8s (#351) * [feature] build with boring crypto where available (#344) * updated workflow to goreleaser builds (#341) * added timeout to goreleaser workflow (#340) * trying new workflow build processes (#337) * improved workflow performance (#336) * have extract use proper ref (#335) * yet another workflow goreleaser fix (#334) * even more workflow fixes (#333) * added more fixes to github workflow (#332) * fixed typo in hauler store save (#331) * updates to fix build processes (#330) * added integration tests for non hauler tarballs (#325) * bump: golang >= 1.23.1 (#328) * add platform flag to store save (#329) * Update feature_request.md * updated/standardize command descriptions (#313) * use new annotation for 'store save' manifest.json (#324) * enable docker load for hauler tarballs (#320) * bump to cosign v2.2.3-carbide.3 for new annotation (#322) * continue on error when adding images to store (#317) * Update README.md (#318) * fixed completion commands (#312) * github.com/rancherfederal/hauler => hauler.dev/go/hauler (#311) * pages: enable go install hauler.dev/go/hauler (#310) * Create CNAME * pages: initial workflow (#309) * testing and linting updates (#305) * feat-273: TLS Flags (#303) * added list-repos flag (#298) * fixed hauler login typo (#299) * updated cobra function for shell completion (#304) * updated install.sh to remove github api (#293) * fix image ref keys getting squashed when containing sigs/atts (#291) * fix missing versin info in release build (#283) * bump github.com/docker/docker in the go_modules group across 1 directory (#281) * updated install script (`install.sh`) (#280) * fix digest images being lost on load of hauls (Signed). (#259) * feat: add readonly flag (#277) * fixed makefile for goreleaser v2 changes (#278) * updated goreleaser versioning defaults (#279) * update feature_request.md (#274) * updated old references * updated actions workflow user * added dockerhub to github actions workflow * removed helm chart * added debug container and workflow * updated products flag description * updated chart for release * fixed workflow errors/warnings * fixed permissions on testdata * updated chart versions (will need to update again) * last bit of fixes to workflow * updated unit test workflow * updated goreleaser deprecations * added helm chart release job * updated github template names * updated imports (and go fmt) * formatted gitignore to match dockerignore * formatted all code (go fmt) * updated chart tests for new features * Adding the timeout flag for fileserver command * Configure chart commands to use helm clients for OCI and private registry support * Added some documentation text to sync command * Bump golang.org/x/net from 0.17.0 to 0.23.0 * fix for dup digest smashing in cosign * removed vagrant scripts * last bit of updates and formatting of chart * updated hauler testdata * adding functionality and cleaning up * added initial helm chart * removed tag in release workflow * updated/fixed image ref in release workflow * updated/fixed platforms in release workflow * updated/cleaned github actions (#222) * Make Product Registry configurable (#194) * updated fileserver directory name (#219) * fix logging for files * add extra info for the tempdir override flag * tempdir override flag for load * deprecate the cache flag instead of remove * switch to using bci-golang as builder image * fix: ensure /tmp for hauler store load * added the copy back for now * remove copy at the image sync not needed with cosign update * removed misleading cache flag * better logging when adding to store * update to v2.2.3 of our cosign fork * add: dockerignore * add: Dockerfile * Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 * Bump github.com/docker/docker * updated and added new logos * updated github files

Patchnames

openSUSE-Leap-16.0-packagehub-54

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for hauler",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for hauler fixes the following issues:\n\n- Update to version 1.3.1 (bsc#1251516, CVE-2025-47911,\n  bsc#1251891, CVE-2025-11579, bsc#1251651, CVE-2025-58190,\n  bsc#1248937, CVE-2025-58058):\n  * bump github.com/containerd/containerd (#474)\n  * another fix to tests for new tests (#472)\n  * fixed typo in testdata (#471)\n  * fixed/cleaned new tests (#470)\n  * trying a new way for hauler testing (#467)\n  * update for cosign v3 verify (#469)\n  * added digests view to info (#465)\n  * bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 in the go_modules group across 1 directory (#457)\n  * update oras-go to v1.2.7 for security patches (#464)\n  * update cosign to v3.0.2+hauler.1 (#463)\n  * fixed homebrew directory deprecation (#462)\n  * add registry logout command (#460)\n\n- Update to version 1.3.0:\n  * bump the go_modules group across 1 directory with 2 updates (#455)\n  * upgraded versions/dependencies/deprecations (#454)\n  * allow loading of docker tarballs (#452)\n  * bump the go_modules group across 1 directory with 2 updates (#449)\n\n- update to 1.2.5 (bsc#1246722, CVE-2025-46569):\n  * Bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in\n    the go_modules group across 1 directory (CVE-2025-46569)\n  * deprecate auth from hauler store copy\n  * Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in the\n    go_modules group across 1 directory\n  * Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0\n    in the go_modules group across 1 directory\n  * upgraded go and dependencies versions\n\n- Update to version 1.2.5:\n  * upgraded go and dependencies versions (#444)\n  * Bump github.com/go-viper/mapstructure/v2 (#442)\n  * bump github.com/cloudflare/circl (#441)\n  * deprecate auth from hauler store copy (#440)\n  * Bump github.com/open-policy-agent/opa (#438)\n\n- update to 1.2.4 (CVE-2025-22872, bsc#1241804):\n  * Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules\n    group across 1 directory\n  * minor tests updates\n\n- Update to version 1.2.3:\n  * formatting and flag text updates\n  * add keyless signature verification (#434)\n  * bump helm.sh/helm/v3 in the go_modules group across 1 directory (#430)\n  * add --only flag to hauler store copy (for images) (#429)\n  * fix tlog verification error/warning output (#428)\n\n- Update to version 1.2.2 (bsc#1241184, CVE-2024-0406):\n  * cleanup new tlog flag typos and add shorthand (#426)\n  * default public transparency log verification to false to be airgap friendly but allow override (#425)\n  * bump github.com/golang-jwt/jwt/v4 (#423)\n  * bump the go_modules group across 1 directory with 2 updates (#422)\n  * bump github.com/go-jose/go-jose/v3 (#417)\n  * bump github.com/go-jose/go-jose/v4 (#415)\n  * clear default manifest name if product flag used with sync (#412)\n  * updates for v1.2.0 (#408)\n  * fixed remote code (#407)\n  * added remote file fetch to load (#406)\n  * added remote and multiple file fetch to sync (#405)\n  * updated save flag and related logs (#404)\n  * updated load flag and related logs [breaking change] (#403)\n  * updated sync flag and related logs [breaking change] (#402)\n  * upgraded api update to v1/updated dependencies (#400)\n  * fixed consts for oci declarations (#398)\n  * fix for correctly grabbing platform post cosign 2.4 updates (#393)\n  * use cosign v2.4.1+carbide.2 to address containerd annotation in index.json (#390)\n  * Bump the go_modules group across 1 directory with 2 updates (#385)\n  * replace mholt/archiver with mholt/archives (#384)\n  * forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383)\n  * cleaned up registry and improved logging (#378)\n  * Bump golang.org/x/crypto in the go_modules group across 1 directory (#377)\n- bump net/html dependencies (bsc#1235332, CVE-2024-45338)\n\n- Update to version 1.1.1:\n  * fixed cli desc for store env var (#374)\n  * updated versions for go/k8s/helm (#373)\n  * updated version flag to internal/flags (#369)\n  * renamed incorrectly named consts (#371)\n  * added store env var (#370)\n  * adding ignore errors and retries for continue on error/fail on error (#368)\n  * updated/fixed hauler directory (#354)\n  * standardize consts (#353)\n  * removed cachedir code (#355)\n  * removed k3s code (#352)\n  * updated dependencies for go, helm, and k8s (#351)\n  * [feature] build with boring crypto where available (#344)\n  * updated workflow to goreleaser builds (#341)\n  * added timeout to goreleaser workflow (#340)\n  * trying new workflow build processes (#337)\n  * improved workflow performance (#336)\n  * have extract use proper ref (#335)\n  * yet another workflow goreleaser fix (#334)\n  * even more workflow fixes (#333)\n  * added more fixes to github workflow (#332)\n  * fixed typo in hauler store save (#331)\n  * updates to fix build processes (#330)\n  * added integration tests for non hauler tarballs (#325)\n  * bump: golang \u003e= 1.23.1 (#328)\n  * add platform flag to store save (#329)\n  * Update feature_request.md\n  * updated/standardize command descriptions (#313)\n  * use new annotation for \u0027store save\u0027 manifest.json (#324)\n  * enable docker load for hauler tarballs (#320)\n  * bump to cosign v2.2.3-carbide.3 for new annotation (#322)\n  * continue on error when adding images to store (#317)\n  * Update README.md (#318)\n  * fixed completion commands (#312)\n  * github.com/rancherfederal/hauler =\u003e hauler.dev/go/hauler (#311)\n  * pages: enable go install hauler.dev/go/hauler (#310)\n  * Create CNAME\n  * pages: initial workflow (#309)\n  * testing and linting updates (#305)\n  * feat-273: TLS Flags (#303)\n  * added list-repos flag (#298)\n  * fixed hauler login typo (#299)\n  * updated cobra function for shell completion (#304)\n  * updated install.sh to remove github api (#293)\n  * fix image ref keys getting squashed when containing sigs/atts (#291)\n  * fix missing versin info in release build (#283)\n  * bump github.com/docker/docker in the go_modules group across 1 directory (#281)\n  * updated install script (`install.sh`) (#280)\n  * fix digest images being lost on load of hauls (Signed). (#259)\n  * feat: add readonly flag (#277)\n  * fixed makefile for goreleaser v2 changes (#278)\n  * updated goreleaser versioning defaults (#279)\n  * update feature_request.md (#274)\n  * updated old references\n  * updated actions workflow user\n  * added dockerhub to github actions workflow\n  * removed helm chart\n  * added debug container and workflow\n  * updated products flag description\n  * updated chart for release\n  * fixed workflow errors/warnings\n  * fixed permissions on testdata\n  * updated chart versions (will need to update again)\n  * last bit of fixes to workflow\n  * updated unit test workflow\n  * updated goreleaser deprecations\n  * added helm chart release job\n  * updated github template names\n  * updated imports (and go fmt)\n  * formatted gitignore to match dockerignore\n  * formatted all code (go fmt)\n  * updated chart tests for new features\n  * Adding the timeout flag for fileserver command\n  * Configure chart commands to use helm clients for OCI and private registry support\n  * Added some documentation text to sync command\n  * Bump golang.org/x/net from 0.17.0 to 0.23.0\n  * fix for dup digest smashing in cosign\n  * removed vagrant scripts\n  * last bit of updates and formatting of chart\n  * updated hauler testdata\n  * adding functionality and cleaning up\n  * added initial helm chart\n  * removed tag in release workflow\n  * updated/fixed image ref in release workflow\n  * updated/fixed platforms in release workflow\n  * updated/cleaned github actions (#222)\n  * Make Product Registry configurable (#194)\n  * updated fileserver directory name (#219)\n  * fix logging for files\n  * add extra info for the tempdir override flag\n  * tempdir override flag for load\n  * deprecate the cache flag instead of remove\n  * switch to using bci-golang as builder image\n  * fix: ensure /tmp for hauler store load\n  * added the copy back for now\n  * remove copy at the image sync not needed with cosign update\n  * removed misleading cache flag\n  * better logging when adding to store\n  * update to v2.2.3 of our cosign fork\n  * add: dockerignore\n  * add: Dockerfile\n  * Bump google.golang.org/protobuf from 1.31.0 to 1.33.0\n  * Bump github.com/docker/docker\n  * updated and added new logos\n  * updated github files\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-packagehub-54",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_20160-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235332",
        "url": "https://bugzilla.suse.com/1235332"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241184",
        "url": "https://bugzilla.suse.com/1241184"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241804",
        "url": "https://bugzilla.suse.com/1241804"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1246722",
        "url": "https://bugzilla.suse.com/1246722"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1248937",
        "url": "https://bugzilla.suse.com/1248937"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251516",
        "url": "https://bugzilla.suse.com/1251516"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251651",
        "url": "https://bugzilla.suse.com/1251651"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251891",
        "url": "https://bugzilla.suse.com/1251891"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-0406 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-0406/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-45338 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-45338/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11579 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11579/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22872 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22872/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-46569 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-46569/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-47911 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-47911/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-58058 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-58058/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-58190 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-58190/"
      }
    ],
    "title": "Security update for hauler",
    "tracking": {
      "current_release_date": "2025-12-12T13:20:11Z",
      "generator": {
        "date": "2025-12-12T13:20:11Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:20160-1",
      "initial_release_date": "2025-12-12T13:20:11Z",
      "revision_history": [
        {
          "date": "2025-12-12T13:20:11Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hauler-1.3.1-bp160.1.1.aarch64",
                "product": {
                  "name": "hauler-1.3.1-bp160.1.1.aarch64",
                  "product_id": "hauler-1.3.1-bp160.1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hauler-1.3.1-bp160.1.1.x86_64",
                "product": {
                  "name": "hauler-1.3.1-bp160.1.1.x86_64",
                  "product_id": "hauler-1.3.1-bp160.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hauler-1.3.1-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64"
        },
        "product_reference": "hauler-1.3.1-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hauler-1.3.1-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
        },
        "product_reference": "hauler-1.3.1-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0406",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-0406"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user\u0027s or application\u0027s privileges using the library.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-0406",
          "url": "https://www.suse.com/security/cve/CVE-2024-0406"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241181 for CVE-2024-0406",
          "url": "https://bugzilla.suse.com/1241181"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-12T13:20:11Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-0406"
    },
    {
      "cve": "CVE-2024-45338",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-45338"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-45338",
          "url": "https://www.suse.com/security/cve/CVE-2024-45338"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234794 for CVE-2024-45338",
          "url": "https://bugzilla.suse.com/1234794"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-12T13:20:11Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-45338"
    },
    {
      "cve": "CVE-2025-11579",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11579"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "github.com/nwaples/rardecode versions \u003c=2.1.1 fail to restrict the dictionary size when reading  large RAR  dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11579",
          "url": "https://www.suse.com/security/cve/CVE-2025-11579"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251871 for CVE-2025-11579",
          "url": "https://bugzilla.suse.com/1251871"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-12T13:20:11Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-11579"
    },
    {
      "cve": "CVE-2025-22872",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22872"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22872",
          "url": "https://www.suse.com/security/cve/CVE-2025-22872"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241710 for CVE-2025-22872",
          "url": "https://bugzilla.suse.com/1241710"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-12T13:20:11Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22872"
    },
    {
      "cve": "CVE-2025-46569",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-46569"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used for policy evaluation. A HTTP request path can be crafted in a way that injects Rego code into the constructed query. The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack. This issue has been patched in version 1.4.0. A workaround involves having network access to OPA\u0027s RESTful APIs being limited to `localhost` and/or trusted networks, unless necessary for production reasons.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-46569",
          "url": "https://www.suse.com/security/cve/CVE-2025-46569"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246710 for CVE-2025-46569",
          "url": "https://bugzilla.suse.com/1246710"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-12T13:20:11Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-46569"
    },
    {
      "cve": "CVE-2025-47911",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-47911"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-47911",
          "url": "https://www.suse.com/security/cve/CVE-2025-47911"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251308 for CVE-2025-47911",
          "url": "https://bugzilla.suse.com/1251308"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-12T13:20:11Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-47911"
    },
    {
      "cve": "CVE-2025-58058",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-58058"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn\u0027t include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-58058",
          "url": "https://www.suse.com/security/cve/CVE-2025-58058"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248889 for CVE-2025-58058",
          "url": "https://bugzilla.suse.com/1248889"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-12T13:20:11Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-58058"
    },
    {
      "cve": "CVE-2025-58190",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-58190"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-58190",
          "url": "https://www.suse.com/security/cve/CVE-2025-58190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251309 for CVE-2025-58190",
          "url": "https://bugzilla.suse.com/1251309"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-12-12T13:20:11Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-58190"
    }
  ]
}

CVE-2024-0406 (GCVE-0-2024-0406)

Vulnerability from cvelistv5

Published

2024-04-06 16:11

Modified

2025-11-20 18:08

Severity ?

6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:2449	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-0406	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2257749	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Version: v3.0.0 < *
Patch: v4.0.0 < *

Red Hat	Red Hat OpenShift Container Platform 4.18	Unaffected: v4.18.0-202503051333.p0.g22b273d.assembly.stream.el9 < * cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat Advanced Cluster Security 3	cpe:/a:redhat:advanced_cluster_security:3
Red Hat	Red Hat Advanced Cluster Security 3	cpe:/a:redhat:advanced_cluster_security:3
Red Hat	Red Hat Advanced Cluster Security 3	cpe:/a:redhat:advanced_cluster_security:3
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T19:56:01.225454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:38.198Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:04:49.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0406"
          },
          {
            "name": "RHBZ#2257749",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/mholt/archiver",
          "defaultStatus": "unaffected",
          "packageName": "archiver",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "v3.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/oc-mirror-plugin-rhel9",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.18.0-202503051333.p0.g22b273d.assembly.stream.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-main-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:3"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
          "product": "Red Hat Advanced Cluster Security 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "advanced-cluster-security/rhacs-main-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Stefan Cornelius (Red Hat)."
        }
      ],
      "datePublic": "2024-01-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user\u0027s or application\u0027s privileges using the library."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:08:52.704Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:2449",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2449"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-0406"
        },
        {
          "name": "RHBZ#2257749",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257749"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-10T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-31T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Mholt/archiver: path traversal vulnerability",
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-0406",
    "datePublished": "2024-04-06T16:11:02.643Z",
    "dateReserved": "2024-01-10T18:18:28.288Z",
    "dateUpdated": "2025-11-20T18:08:52.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-46569 (GCVE-0-2025-46569)

Vulnerability from cvelistv5

Published

2025-05-01 19:32

Modified

2025-05-02 18:08

Severity ?

7.4 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H

CWE

CWE-863 - Incorrect Authorization
CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used for policy evaluation. A HTTP request path can be crafted in a way that injects Rego code into the constructed query. The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack. This issue has been patched in version 1.4.0. A workaround involves having network access to OPA’s RESTful APIs being limited to `localhost` and/or trusted networks, unless necessary for production reasons.

References

URL

Tags

	https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7	x_refsource_CONFIRM
	https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	open-policy-agent	opa	Version: < 1.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46569",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T18:08:05.851856Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T18:08:19.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "opa",
          "vendor": "open-policy-agent",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used for policy evaluation. A HTTP request path can be crafted in a way that injects Rego code into the constructed query. The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack. This issue has been patched in version 1.4.0. A workaround involves having network access to OPA\u2019s RESTful APIs being limited to `localhost` and/or trusted networks, unless necessary for production reasons."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-01T19:32:47.988Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7"
        },
        {
          "name": "https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c"
        }
      ],
      "source": {
        "advisory": "GHSA-6m8w-jc87-6cr7",
        "discovery": "UNKNOWN"
      },
      "title": "OPA server Data API HTTP path injection of Rego"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-46569",
    "datePublished": "2025-05-01T19:32:47.988Z",
    "dateReserved": "2025-04-24T21:10:48.175Z",
    "dateUpdated": "2025-05-02T18:08:19.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22872 (GCVE-0-2025-22872)

Vulnerability from cvelistv5

Published

2025-04-16 17:13

Modified

2025-05-16 23:03

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE

CWE-79

Summary

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).

References

URL

Tags

	https://go.dev/cl/662715
	https://go.dev/issue/73070
	https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA
	https://pkg.go.dev/vuln/GO-2025-3595

Impacted products

	Vendor	Product	Version
	golang.org/x/net	golang.org/x/net/html	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22872",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T20:14:29.607584Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T20:15:13.433Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-16T23:03:07.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250516-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "Tokenizer.readStartTag"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            },
            {
              "name": "Tokenizer.Next"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.38.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sean Ng (https://ensy.zip)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-16T17:13:02.550Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/662715"
        },
        {
          "url": "https://go.dev/issue/73070"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3595"
        }
      ],
      "title": "Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-22872",
    "datePublished": "2025-04-16T17:13:02.550Z",
    "dateReserved": "2025-01-08T19:11:42.834Z",
    "dateUpdated": "2025-05-16T23:03:07.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-58058 (GCVE-0-2025-58058)

Vulnerability from cvelistv5

Published

2025-08-28 21:54

Modified

2025-08-29 13:23

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.

References

URL

Tags

	https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9	x_refsource_CONFIRM
	https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	ulikunitz	xz	Version: < 0.5.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58058",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-29T13:22:52.507752Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-29T13:23:07.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xz",
          "vendor": "ulikunitz",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.5.14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn\u0027t include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T21:54:05.561Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9"
        },
        {
          "name": "https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2"
        }
      ],
      "source": {
        "advisory": "GHSA-jc7w-c686-c4v9",
        "discovery": "UNKNOWN"
      },
      "title": "github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58058",
    "datePublished": "2025-08-28T21:54:05.561Z",
    "dateReserved": "2025-08-22T14:30:32.221Z",
    "dateUpdated": "2025-08-29T13:23:07.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45338 (GCVE-0-2024-45338)

Vulnerability from cvelistv5

Published

2024-12-18 20:38

Modified

2025-02-21 18:03

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-405: Asymmetric Resource Consumption (Amplification)

Summary

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

References

URL

Tags

	https://go.dev/cl/637536
	https://go.dev/issue/70906
	https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
	https://pkg.go.dev/vuln/GO-2024-3333

Impacted products

	Vendor	Product	Version
	golang.org/x/net	golang.org/x/net/html	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T19:51:42.228627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "CWE-1333 Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-31T19:55:04.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-21T18:03:32.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250221-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parseDoctype"
            },
            {
              "name": "htmlIntegrationPoint"
            },
            {
              "name": "inTableIM"
            },
            {
              "name": "inBodyIM"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.33.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T20:38:22.660Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/637536"
        },
        {
          "url": "https://go.dev/issue/70906"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3333"
        }
      ],
      "title": "Non-linear parsing of case-insensitive content in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-45338",
    "datePublished": "2024-12-18T20:38:22.660Z",
    "dateReserved": "2024-08-27T19:41:58.555Z",
    "dateUpdated": "2025-02-21T18:03:32.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11579 (GCVE-0-2025-11579)

Vulnerability from cvelistv5

Published

2025-10-10 11:15

Modified

2025-12-02 09:30

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-789 - Memory Allocation with Excessive Size Value

Summary

github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.

References

URL

Tags

https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9

Impacted products

	Vendor	Product	Version
	nwaples	rardecode	Version: 2.0.1 ≤ 2.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11579",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-10T12:40:54.486493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-10T12:41:22.168Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "rardecode",
          "vendor": "nwaples",
          "versions": [
            {
              "lessThanOrEqual": "2.1.1",
              "status": "affected",
              "version": "2.0.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2.2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Juho Fors\u00e9n"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "github.com/nwaples/rardecode versions \u0026lt;=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash."
            }
          ],
          "value": "github.com/nwaples/rardecode versions \u003c=2.1.1 fail to restrict the dictionary size when reading\u00a0large RAR\u00a0dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789: Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T09:30:03.452Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to github.com/nwaples/rardecode v2.2.0 or higher"
            }
          ],
          "value": "Update to\u00a0github.com/nwaples/rardecode v2.2.0 or higher"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DoS via Out Of Memory Crash",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2025-11579",
    "datePublished": "2025-10-10T11:15:15.163Z",
    "dateReserved": "2025-10-10T09:12:41.410Z",
    "dateUpdated": "2025-12-02T09:30:03.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2025:20160-1

Vulnerability from csaf_opensuse

CVE-2024-0406 (GCVE-0-2024-0406)

Vulnerability from cvelistv5

CVE-2025-46569 (GCVE-0-2025-46569)

Vulnerability from cvelistv5

CVE-2025-22872 (GCVE-0-2025-22872)

Vulnerability from cvelistv5

CVE-2025-58058 (GCVE-0-2025-58058)

Vulnerability from cvelistv5

CVE-2024-45338 (GCVE-0-2024-45338)

Vulnerability from cvelistv5

CVE-2025-11579 (GCVE-0-2025-11579)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature