RHSA-2026:2800
Vulnerability from csaf_redhat - Published: 2026-02-17 09:23 - Updated: 2026-02-18 17:56Summary
Red Hat Security Advisory: Red Hat Ceph Storage
Notes
Topic
A new version of Red Hat build of Ceph Storage has been released
Details
The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 7.1.
This release updates to the latest version.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 7.1.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2800",
"url": "https://access.redhat.com/errata/RHSA-2026:2800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-31884",
"url": "https://access.redhat.com/security/cve/CVE-2024-31884"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14104",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6176",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7783",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2800.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage",
"tracking": {
"current_release_date": "2026-02-18T17:56:07+00:00",
"generator": {
"date": "2026-02-18T17:56:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2800",
"initial_release_date": "2026-02-17T09:23:04+00:00",
"revision_history": [
{
"date": "2026-02-17T09:23:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-17T09:23:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-18T17:56:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 7",
"product": {
"name": "Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770708805"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770649398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Ac3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770650099"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Acffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770649294"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3A485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770642181"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770708805"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Ad7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770708805"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770649398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770650099"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770649294"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3Ac22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Ae14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770642181"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770708805"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770649398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770650099"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Aa57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770649294"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3Adf2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770642181"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Martin Schobert"
]
}
],
"cve": "CVE-2024-31884",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-08-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2389907"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pybind: Improper use of Pybind",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31884"
},
{
"category": "external",
"summary": "RHBZ#2389907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31884"
}
],
"release_date": "2026-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T09:23:04+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2800"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pybind: Improper use of Pybind"
},
{
"cve": "CVE-2025-6176",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-31T01:00:56.408048+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408762"
}
],
"notes": [
{
"category": "description",
"text": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in Scrapy\u0027s brotli decompression implementation allows remote attackers to trigger a denial of service by sending specially crafted brotli-compressed data. This can lead to excessive memory consumption and system instability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "RHBZ#2408762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0",
"url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0"
}
],
"release_date": "2025-10-31T00:00:21.219000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T09:23:04+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2800"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS"
},
{
"cve": "CVE-2025-7783",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-07-18T17:00:43.396637+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2381959"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability related to predictable random number generation has been discovered in the form-data JavaScript library. The library utilizes Math.random() to determine boundary values for multipart form-encoded data.\n\nThis presents a security risk if an attacker can observe other values generated by Math.random() within the target application and simultaneously control at least one field of a request made using form-data. Under these conditions, the attacker could potentially predict or determine the boundary values. This predictability could be leveraged to bypass security controls, manipulate form data, or potentially lead to data integrity issues or other forms of exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: Unsafe random function in form-data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect host systems. The impact of this vulnerability is limited to specific applications which integrate the `form-data` library. As a result the impact of this CVE is limited on RedHat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "RHBZ#2381959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0",
"url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
}
],
"release_date": "2025-07-18T16:34:44.889000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T09:23:04+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2800"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "form-data: Unsafe random function in form-data"
},
{
"cve": "CVE-2025-14104",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-05T14:16:36.004000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419369"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "RHBZ#2419369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104"
}
],
"release_date": "2025-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T09:23:04+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2800"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T09:23:04+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2800"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T09:23:04+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2800"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:014ca9e66e06e96ddba3dd24f9796dbd423a737b4251f3ee3707373c0dd8e5a9_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dd48448925ea6f01b931123341c64c9c36be26522ca2949a2582c503b4d9813_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:81c6a248c341927ff595c3bda38576f83aafc2bb5305e4fd82ec2d037a8a6795_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d7e8d93331a4bab6da651c54e889d2276d7681f15fc8e6aeff4b1964463894ef_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:22b40eda7694aa76f9c327b90cfe9090f3afc49efe792b512557e7f85adbb5fc_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:70f461842375bb3f8a95d21f3bd24e656a256375e719c40e8dffbca2e1f477fc_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:c3aed3c0baf2a107ba6df0b25588b56a0f7ae18c9b8a9e71db725629f0a2d8cd_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:df2032db9a082aa0d08adfc76a18d65548d2c2f14dedad0dc35bc0117aca42b8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0a162811f3d4d6c648c95896a2eb649836c459d62d1c2baf8fa617cac78453c4_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:13cf40d4e5330176358d8c9a726933d4ed814042ae31705dc43983dabf20c10a_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:38a810ddc53e87aa286db2db075fbc8095302f5a5dc019faeea5a6095c595b57_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:329dba4f10a52c84359451c09647cbf9978792ec9f7b72dea9f4162229d1b804_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:a57259020a57641ef473e2476cf80eb93c3e5399d99355b4a218f8a0bf6e2afb_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cffa01568a8d3dbc3e497151721be43a628fb4e0e50a86fc9da24604c1206712_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:02e713e61e7f54be3a0d67ec9162bf540922a54a51c10c8574b3385227121956_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:89b4f2be86bcddb502502486bc6014113892a977d74d3ef9dd80a38e53dc7461_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:e14ee8fdaed88f74a7027a4b427d64c7e7169725507b6f41b5504904acd39a41_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…