csaf_redhat - rhsa-2025:1487

rhsa-2025:1487

Vulnerability from csaf_redhat

Published

2025-02-13 20:14

Modified

2025-02-17 02:03

Summary

Red Hat Security Advisory: updated discovery container images

Notes

Topic

Updated container images are now available for Discovery 1.12.1.

Details

The Discovery container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References). Dockerfiles and scripts should be amended either to refer to these new images specifically, or to the latest images generally.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated container images are now available for Discovery 1.12.1.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Discovery container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to these new images specifically, or to the latest images generally.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:1487",
        "url": "https://access.redhat.com/errata/RHSA-2025:1487"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2342118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342118"
      },
      {
        "category": "external",
        "summary": "2342757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342757"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1487.json"
      }
    ],
    "title": "Red Hat Security Advisory: updated discovery container images",
    "tracking": {
      "current_release_date": "2025-02-17T02:03:07+00:00",
      "generator": {
        "date": "2025-02-17T02:03:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.3.1"
        }
      },
      "id": "RHSA-2025:1487",
      "initial_release_date": "2025-02-13T20:14:49+00:00",
      "revision_history": [
        {
          "date": "2025-02-13T20:14:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-02-13T20:14:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-02-17T02:03:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Discovery 1 for RHEL 9",
                "product": {
                  "name": "Discovery 1 for RHEL 9",
                  "product_id": "9Base-discovery-1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:discovery:1.0::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Discovery"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
                "product": {
                  "name": "discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
                  "product_id": "discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1.12.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
                "product": {
                  "name": "discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
                  "product_id": "discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1.12.0-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
                "product": {
                  "name": "discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
                  "product_id": "discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1.12.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64",
                "product": {
                  "name": "discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64",
                  "product_id": "discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1.12.0-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64 as a component of Discovery 1 for RHEL 9",
          "product_id": "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64"
        },
        "product_reference": "discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
        "relates_to_product_reference": "9Base-discovery-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64 as a component of Discovery 1 for RHEL 9",
          "product_id": "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64"
        },
        "product_reference": "discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
        "relates_to_product_reference": "9Base-discovery-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64 as a component of Discovery 1 for RHEL 9",
          "product_id": "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64"
        },
        "product_reference": "discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
        "relates_to_product_reference": "9Base-discovery-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64 as a component of Discovery 1 for RHEL 9",
          "product_id": "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64"
        },
        "product_reference": "discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64",
        "relates_to_product_reference": "9Base-discovery-1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-49043",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-01-26T06:00:41.448197+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2342118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxml: use-after-free in xmlXIncludeAddNode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as moderate instead of important because memory allocation failures are not typically controllable by an attacker, limiting their exploitability. While improper handling of malloc failures can lead to crashes, memory leaks, or inconsistent states, it does not directly result in privilege escalation or arbitrary code execution. \n\nAdditionally, in most real-world scenarios, failures due to memory exhaustion occur under extreme system stress rather than as part of an intentional attack vector.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
          "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
          "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
          "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-49043"
        },
        {
          "category": "external",
          "summary": "RHBZ#2342118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-49043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-49043",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49043"
        },
        {
          "category": "external",
          "summary": "https://github.com/php/php-src/issues/17467",
          "url": "https://github.com/php/php-src/issues/17467"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b"
        }
      ],
      "release_date": "2025-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-13T20:14:49+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1487"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxml: use-after-free in xmlXIncludeAddNode"
    },
    {
      "cve": "CVE-2024-12797",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2025-01-29T09:25:13.972000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2342757"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSL\u0027s RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server\u0027s RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The version of OpenSSL in RHEL-9.5 is affected by this vulnerability. However, earlier releases of OpenSSL in RHEL are not affected. This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server\u0027s RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. \n\nClients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that do, and take appropriate action, are not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
          "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
          "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
          "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-12797"
        },
        {
          "category": "external",
          "summary": "RHBZ#2342757",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342757"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-12797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12797"
        }
      ],
      "release_date": "2025-02-11T15:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-13T20:14:49+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:1487"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:0039a72903a937c9a1911349c2dc773e7eda419e455673d37dfc78a668997a7d_amd64",
            "9Base-discovery-1:discovery/discovery-server-rhel9@sha256:3cad667d877279a9bbe7e98caa8c987a98f4a57776ecd317f37869c450e3c97c_arm64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:249741f52ed19d2af800609f8b0a1c75994556def2964ee754afc5b95758ab40_amd64",
            "9Base-discovery-1:discovery/discovery-ui-rhel9@sha256:86850a0b8c5f4268874eb4f3e80af4cd7fd83803d08db278741c7c5311e5f1eb_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openssl: RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected"
    }
  ]
}

cve-2022-49043

Vulnerability from cvelistv5

Published

2025-01-26 00:00

Modified

2025-01-27 14:53

Severity ?

8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

References

▼	URL	Tags
	https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b
	https://github.com/php/php-src/issues/17467

Impacted products

	Vendor	Product	Version
	xmlsoft	libxml2	Version: 2.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-49043",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T14:52:22.888573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-27T14:53:01.116Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libxml2",
          "vendor": "xmlsoft",
          "versions": [
            {
              "lessThan": "2.11.0",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.11.0",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-26T05:28:37.041Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b"
        },
        {
          "url": "https://github.com/php/php-src/issues/17467"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-49043",
    "datePublished": "2025-01-26T00:00:00.000Z",
    "dateReserved": "2025-01-26T00:00:00.000Z",
    "dateUpdated": "2025-01-27T14:53:01.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-12797

Vulnerability from cvelistv5

Published

2025-02-11 15:59

Modified

2025-02-18 14:01

Severity ?

Summary

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that do, and take appropriate action, are not affected. This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

References

▼	URL	Tags
	https://openssl-library.org/news/secadv/20250211.txt	vendor-advisory
	https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9	patch
	https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699	patch
	https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7	patch

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: 3.4.0 ≤ Version: 3.3.0 ≤ Version: 3.2.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-15T00:10:32.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/11/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/11/4"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250214-0001/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-12797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T20:24:14.595864Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T14:01:55.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.4.1",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.3",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.4",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Apple Inc."
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2025-02-11T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\u003cbr\u003eserver may fail to notice that the server was not authenticated, because\u003cbr\u003ehandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\u003cbr\u003eis set.\u003cbr\u003e\u003cbr\u003eImpact summary: TLS and DTLS connections using raw public keys may be\u003cbr\u003evulnerable to man-in-middle attacks when server authentication failure is not\u003cbr\u003edetected by clients.\u003cbr\u003e\u003cbr\u003eRPKs are disabled by default in both TLS clients and TLS servers.  The issue\u003cbr\u003eonly arises when TLS clients explicitly enable RPK use by the server, and the\u003cbr\u003eserver, likewise, enables sending of an RPK instead of an X.509 certificate\u003cbr\u003echain.  The affected clients are those that then rely on the handshake to\u003cbr\u003efail when the server\u0027s RPK fails to match one of the expected public keys,\u003cbr\u003eby setting the verification mode to SSL_VERIFY_PEER.\u003cbr\u003e\u003cbr\u003eClients that enable server-side raw public keys can still find out that raw\u003cbr\u003epublic key verification failed by calling SSL_get_verify_result(), and those\u003cbr\u003ethat do, and take appropriate action, are not affected.  This issue was\u003cbr\u003eintroduced in the initial implementation of RPK support in OpenSSL 3.2.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
            }
          ],
          "value": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers.  The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain.  The affected clients are those that then rely on the handshake to\nfail when the server\u0027s RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected.  This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "High"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-392",
              "description": "CWE-392 Missing Report of Error Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T15:59:36.719Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20250211.txt"
        },
        {
          "name": "3.4.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9"
        },
        {
          "name": "3.3.3 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699"
        },
        {
          "name": "3.2.4 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2024-12797",
    "datePublished": "2025-02-11T15:59:36.719Z",
    "dateReserved": "2024-12-19T13:54:37.212Z",
    "dateUpdated": "2025-02-18T14:01:55.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2025:1487

Vulnerability from csaf_redhat

cve-2022-49043

Vulnerability from cvelistv5

cve-2024-12797

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature