RHSA-2026:2754
Vulnerability from csaf_redhat - Published: 2026-02-16 15:43 - Updated: 2026-02-18 17:56Summary
Red Hat Security Advisory: Red Hat Quay 3.9.18
Notes
Topic
Red Hat Quay 3.9.18 is now available with bug fixes.
Details
Quay 3.9.18
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.18 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.18",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2754",
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2754.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.18",
"tracking": {
"current_release_date": "2026-02-18T17:56:04+00:00",
"generator": {
"date": "2026-02-18T17:56:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2754",
"initial_release_date": "2026-02-16T15:43:51+00:00",
"revision_history": [
{
"date": "2026-02-16T15:43:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T17:04:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-18T17:56:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249996"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249993"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133825"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991979"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ac30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Adbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ae2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Abb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…