RHSA-2026:2681
Vulnerability from csaf_redhat - Published: 2026-02-12 17:29 - Updated: 2026-02-13 06:10Summary
Red Hat Security Advisory: Red Hat Quay 3.16.2
Notes
Topic
Red Hat Quay 3.16.2 is now available with bug fixes.
Details
Quay 3.16.2
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.16.2 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.16.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2681",
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-31133",
"url": "https://access.redhat.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2681.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.16.2",
"tracking": {
"current_release_date": "2026-02-13T06:10:30+00:00",
"generator": {
"date": "2026-02-13T06:10:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2681",
"initial_release_date": "2026-02-12T17:29:21+00:00",
"revision_history": [
{
"date": "2026-02-12T17:29:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-12T17:29:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-13T06:10:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.16",
"product": {
"name": "Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816438"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ae3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770762347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Ac96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Aafe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816381"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816438"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770762347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Abf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816381"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Abbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816239"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770762347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Adda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770817752"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230686"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816438"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816381"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Afa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770841176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-31133",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:17:18.235000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404705"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container\u0027s /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "RHBZ#2404705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix\nDAC and thus user namespaces stop a container process from being able to write to them.\n\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n\n* Depending on the maskedPath configuration (the default configuratio nonly masks paths in /proc and /sys), using an AppArmor that blocks unexpectedwrites to any maskedPaths (as is the case with the defaultprofile used by Docker and Podman) will block attempts to exploit this issue. However, CVE-2025-52881 allows an attacker to bypass LSMlabels, and so this mitigation is not helpful when considered incombination with CVE-2025-52881.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…