Vulnerability-Lookup

RHSA-2026:0980

Vulnerability from csaf_redhat - Published: 2026-02-03 21:03 - Updated: 2026-02-04 02:46

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.18.32 bug fix and security update

Notes

Topic

Red Hat OpenShift Container Platform release 4.18.32 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.32. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2026:0979 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ Security Fix(es): * libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend (CVE-2025-5987) * libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 4.18.32 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.18.32. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2026:0979\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nSecurity Fix(es):\n\n* libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend (CVE-2025-5987)\n* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0980",
        "url": "https://access.redhat.com/errata/RHSA-2026:0980"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2376219",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
      },
      {
        "category": "external",
        "summary": "2392605",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0980.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.32 bug fix and security update",
    "tracking": {
      "current_release_date": "2026-02-04T02:46:30+00:00",
      "generator": {
        "date": "2026-02-04T02:46:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.16"
        }
      },
      "id": "RHSA-2026:0980",
      "initial_release_date": "2026-02-03T21:03:49+00:00",
      "revision_history": [
        {
          "date": "2026-02-03T21:03:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-03T21:03:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-02-04T02:46:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.18",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.18",
                  "product_id": "9Base-RHOSE-4.18",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.18::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-aarch64-418.94.202601202224-0",
                "product": {
                  "name": "rhcos-aarch64-418.94.202601202224-0",
                  "product_id": "rhcos-aarch64-418.94.202601202224-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202601202224?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-ppc64le-418.94.202601202224-0",
                "product": {
                  "name": "rhcos-ppc64le-418.94.202601202224-0",
                  "product_id": "rhcos-ppc64le-418.94.202601202224-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202601202224?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-s390x-418.94.202601202224-0",
                "product": {
                  "name": "rhcos-s390x-418.94.202601202224-0",
                  "product_id": "rhcos-s390x-418.94.202601202224-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202601202224?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-x86_64-418.94.202601202224-0",
                "product": {
                  "name": "rhcos-x86_64-418.94.202601202224-0",
                  "product_id": "rhcos-x86_64-418.94.202601202224-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202601202224?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-aarch64-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0"
        },
        "product_reference": "rhcos-aarch64-418.94.202601202224-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-ppc64le-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0"
        },
        "product_reference": "rhcos-ppc64le-418.94.202601202224-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-s390x-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0"
        },
        "product_reference": "rhcos-s390x-418.94.202601202224-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-x86_64-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
        },
        "product_reference": "rhcos-x86_64-418.94.202601202224-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-5987",
      "cwe": {
        "id": "CWE-393",
        "name": "Return of Wrong Status Code"
      },
      "discovery_date": "2025-07-03T21:55:26.394000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2376219"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security Team has rated this vulnerability as having a Moderate security impact. This is due to the high complexity in exploiting this flaw. For a successful attack to take place an attacker needs to manage to exhaust the heap space to for the OpenSSL library to return the error code which wrongly match the SSH_OK return code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
          "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
          "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
          "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-5987"
        },
        {
          "category": "external",
          "summary": "RHBZ#2376219",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-5987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5987"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5987"
        }
      ],
      "release_date": "2025-04-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-03T21:03:49+00:00",
          "details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n      (For x86_64 architecture)\n      The image digest is sha256:6177c447b98c36a42fd45fa2ba413da73d14d0a7ad3aecfa977554f5ae9583cc\n\n      (For s390x architecture)\n      The image digest is sha256:b84aa7396941fa0af870b76d528da30613f54aff04d3c7b4a6a9fa20310aad03\n\n      (For ppc64le architecture)\n      The image digest is sha256:e5b841ed0aebf1920a2e0993839e46504d9d6ff363da0b5d2d2f1daea77fbfd0\n\n      (For aarch64 architecture)\n      The image digest is sha256:5a01f33ad1a21ab6bad55d866699be803d36309fe5b099782555169b1ac78be1\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0980"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend"
    },
    {
      "cve": "CVE-2025-9714",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "discovery_date": "2025-09-02T13:03:56.452000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392605"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
          "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
          "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
          "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392605",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
        }
      ],
      "release_date": "2025-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-03T21:03:49+00:00",
          "details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n      (For x86_64 architecture)\n      The image digest is sha256:6177c447b98c36a42fd45fa2ba413da73d14d0a7ad3aecfa977554f5ae9583cc\n\n      (For s390x architecture)\n      The image digest is sha256:b84aa7396941fa0af870b76d528da30613f54aff04d3c7b4a6a9fa20310aad03\n\n      (For ppc64le architecture)\n      The image digest is sha256:e5b841ed0aebf1920a2e0993839e46504d9d6ff363da0b5d2d2f1daea77fbfd0\n\n      (For aarch64 architecture)\n      The image digest is sha256:5a01f33ad1a21ab6bad55d866699be803d36309fe5b099782555169b1ac78be1\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0980"
        },
        {
          "category": "workaround",
          "details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601202224-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601202224-0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
    }
  ]
}

CVE-2025-9714 (GCVE-0-2025-9714)

Vulnerability from cvelistv5 – Published: 2025-09-10 18:43 – Updated: 2025-11-03 18:14

Title

Stack overflow in libxml2

Summary

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.

Severity ?

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

canonical

References

URL

	Vendor	Product	Version
	libxml2	libxml2	Affected: 0 , < 2.10.0 (semver) Affected: 0 , < 2.12.7+dfsg+really2.9.14-0.4ubuntu0.3 (dpkg) Affected: 0 , < 2.9.14+dfsg-1.3ubuntu3.5 (dpkg) Affected: 0 , < 2.9.13+dfsg-1ubuntu0.9 (dpkg) Affected: 0 , < 2.9.10+dfsg-5ubuntu0.20.04.10+esm2 (dpkg) Affected: 0 , < 2.9.4+dfsg1-6.1ubuntu1.9+esm5 (dpkg) Affected: 0 , < 2.9.3+dfsg1-1ubuntu0.7+esm10 (dpkg) Affected: 0 , < 2.9.1+dfsg1-3ubuntu4.13+esm9 (dpkg)

CVE-2025-5987 (GCVE-0-2025-5987)

Vulnerability from cvelistv5 – Published: 2025-07-07 14:24 – Updated: 2026-02-03 21:31

Title

Libssh: invalid return code for chacha20 poly1305 with openssl backend

Summary

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-393 - Return of Wrong Status Code

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:23483	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:23484	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0427	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0428	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0430	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0431	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0702	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0978	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0980	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0985	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0996	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-5987	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2376219	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0.10.0 , < 0.11.2 (semver)

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:0.11.1-5.el10_1 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:0.11.1-4.el10_0.1 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:0.10.4-17.el9_7 , < * (rpm) cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:0.10.4-17.el9_7 , < * (rpm) cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:0.10.4-9.el9_2.2 , < * (rpm) cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:0.10.4-13.el9_4.2 , < * (rpm) cpe:/o:redhat:rhel_eus:9.4::baseos cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	Unaffected: 0:0.10.4-15.el9_6.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/o:redhat:rhel_eus:9.6::baseos
Red Hat	Red Hat OpenShift Container Platform 4.14	Unaffected: 414.92.202601191325-0 , < * (rpm) cpe:/a:redhat:openshift:4.14::el9
Red Hat	Red Hat OpenShift Container Platform 4.16	Unaffected: 416.94.202601160124-0 , < * (rpm) cpe:/a:redhat:openshift:4.16::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	Unaffected: 417.94.202601120213-0 , < * (rpm) cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.18	Unaffected: 418.94.202601202224-0 , < * (rpm) cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat OpenShift Container Platform 4.20	Unaffected: 4.20.9.6.202601211057-0 , < * (rpm) cpe:/a:redhat:openshift:4.20::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5987",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-22T04:55:54.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.libssh.org/",
          "defaultStatus": "unaffected",
          "packageName": "libssh",
          "versions": [
            {
              "lessThan": "0.11.2",
              "status": "affected",
              "version": "0.10.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.11.1-5.el10_1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.11.1-4.el10_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.10.4-17.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.10.4-17.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:9.2::baseos",
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.10.4-9.el9_2.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.4::baseos",
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.10.4-13.el9_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream",
            "cpe:/o:redhat:rhel_eus:9.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.10.4-15.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "414.92.202601191325-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "416.94.202601160124-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "417.94.202601120213-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "418.94.202601202224-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.20::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4.20",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.20.9.6.202601211057-0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libssh2",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libssh2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libssh",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-393",
              "description": "Return of Wrong Status Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-03T21:31:02.085Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:23483",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23483"
        },
        {
          "name": "RHSA-2025:23484",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:23484"
        },
        {
          "name": "RHSA-2026:0427",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0427"
        },
        {
          "name": "RHSA-2026:0428",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0428"
        },
        {
          "name": "RHSA-2026:0430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0430"
        },
        {
          "name": "RHSA-2026:0431",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0431"
        },
        {
          "name": "RHSA-2026:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0702"
        },
        {
          "name": "RHSA-2026:0978",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0978"
        },
        {
          "name": "RHSA-2026:0980",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0980"
        },
        {
          "name": "RHSA-2026:0985",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0985"
        },
        {
          "name": "RHSA-2026:0996",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0996"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-5987"
        },
        {
          "name": "RHBZ#2376219",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-03T21:55:26.394000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-26T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libssh: invalid return code for chacha20 poly1305 with openssl backend",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-393: Return of Wrong Status Code"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-5987",
    "datePublished": "2025-07-07T14:24:12.576Z",
    "dateReserved": "2025-06-10T21:55:45.552Z",
    "dateUpdated": "2026-02-03T21:31:02.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:0980

CVE-2025-9714 (GCVE-0-2025-9714)

CVE-2025-5987 (GCVE-0-2025-5987)

Tags

Sightings

Nomenclature