CVE-2025-64702 (GCVE-0-2025-64702)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:58 – Updated: 2025-12-12 20:45
CWE-770 - Allocation of Resources Without Limits or Throttling
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T20:44:44.521680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T20:45:30.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "quic-go",
"vendor": "quic-go",
"versions": [
{
"status": "affected",
"version": "\u003c 0.57.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:58:10.517Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6"
},
{
"name": "https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8"
}
],
"source": {
"advisory": "GHSA-g754-hx8w-x2g6",
"discovery": "UNKNOWN"
},
"title": "quic-go HTTP/3 QPACK Header Expansion DoS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64702",
"datePublished": "2025-12-11T20:58:10.517Z",
"dateReserved": "2025-11-10T14:07:42.920Z",
"dateUpdated": "2025-12-12T20:45:30.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-64702\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-11T21:15:54.707\",\"lastModified\":\"2025-12-12T15:17:31.973\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-64702\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-12T20:44:44.521680Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-12T20:44:58.953Z\"}}], \"cna\": {\"title\": \"quic-go HTTP/3 QPACK Header Expansion DoS\", \"source\": {\"advisory\": \"GHSA-g754-hx8w-x2g6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"quic-go\", \"product\": \"quic-go\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.57.0\"}]}], \"references\": [{\"url\": \"https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6\", \"name\": \"https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8\", \"name\": \"https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"quic-go is an implementation of the QUIC protocol in Go. 
Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-11T20:58:10.517Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-64702\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-12T20:45:30.439Z\", \"dateReserved\": \"2025-11-10T14:07:42.920Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-11T20:58:10.517Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:20191-1
Vulnerability from csaf_opensuse - Published: 2026-02-10 21:52 - Updated: 2026-02-10 21:52
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for trivy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for trivy fixes the following issues:\n\nChanges in trivy:\n\n- Update to version 0.69.0 (bsc#1255366, CVE-2025-64702):\n * release: v0.69.0 [main] (#9886)\n * chore: bump trivy-checks to v2 (#9875)\n * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091)\n * fix(repo): return a nil interface for gitAuth if missing (#10097)\n * fix(java): correctly inherit properties from parent fields for pom.xml files (#9111)\n * fix(rust): implement version inheritance for Cargo mono repos (#10011)\n * feat(activestate): add support ActiveState images (#10081)\n * feat(vex): support per-repo tls configuration (#10030)\n * refactor: allow per-request transport options override (#10083)\n * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084)\n * chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085)\n * fix(java): correctly propagate repositories from upper POMs to dependencies (#10077)\n * feat(rocky): enable modular package vulnerability detection (#10069)\n * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079)\n * docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070)\n * feat(report): add Trivy version to JSON output (#10065)\n * fix(rust): add cargo workspace members glob support (#10032)\n * feat: add AnalyzedBy field to track which analyzer detected packages (#10059)\n * fix: use canonical SPDX license IDs from embeded licenses.json (#10053)\n * docs: fix link to Docker Image Specification (#10057)\n * feat(secret): add detection for Symfony default secret key (#9892)\n * refactor(misconf): move common logic to base value and simplify typed values (#9986)\n * fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880)\n * feat(misconf): use Terraform plan configuration to partially restore schema (#9623)\n * feat(misconf): add action block to Terraform schema (#10035)\n * 
fix(misconf): correct typos in block and attribute names (#9993)\n * test(misconf): simplify test values using *Test helpers (#9985)\n * fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980)\n * feat(misconf): support for ARM resources defined as an object (#9959)\n * feat(misconf): support for azurerm_*_web_app (#9944)\n * test: migrate private test helpers to `export_test.go` convention (#10043)\n * chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048)\n * fix(secret): improve word boundary detection for Hugging Face tokens (#10046)\n * fix(go): use ldflags version for all pseudo-versions (#10037)\n * chore: switch to ID from AVDID in internal and user-facing fields (#9655)\n * refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752)\n * fix: move enum into items for array-type fields in JSON Schema (#10039)\n * docs: fix incorrect documentation URLs (#10038)\n * feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033)\n * fix(docker): fix non-det scan results for images with embedded SBOM (#9866)\n * chore(deps): bump the github-actions group with 11 updates (#10001)\n * test: fix assertion after 2026 roll over (#10002)\n * fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964)\n * fix(license): normalize licenses for PostAnalyzers (#9941)\n * feat(nodejs): parse licenses from `package-lock.json` file (#9983)\n * chore: update reference links to Go Wiki (#9987)\n * refactor: add xslices.Map and replace lo.Map usages (#9984)\n * fix(image): race condition in image artifact inspection (#9966)\n * feat(flag): add JSON Schema for trivy.yaml configuration file (#9971)\n * refactor(debian): use txtar format for test data (#9957)\n * chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973)\n * feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930)\n * feat(vuln): skip vulnerability scanning for third-party packages 
in Debian/Ubuntu (#9932)\n * docs: add info that `--file-pattern` flag doesn\u0027t disable default behaviuor (#9961)\n * perf(misconf): optimize string concatenation in azure scanner (#9969)\n * chore: add client option to install script (#9962)\n * ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956)\n * chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952)\n * docs: update binary signature verification for sigstore bundles (#9929)\n * chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935)\n * chore(alpine): add EOL date for alpine 3.23 (#9934)\n * feat(cloudformation): add support for Fn::ForEach (#9508)\n * ci: enable `check-latest` for `setup-go` (#9931)\n * feat(debian): detect third-party packages using maintainer list (#9917)\n * fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924)\n * feat(helm): add sslCertDir parameter (#9697)\n * fix(misconf): respect .yml files when Helm charts are detected (#9912)\n * feat(php): add support for dev dependencies in Composer (#9910)\n * chore(deps): bump the common group across 1 directory with 9 updates (#9903)\n * chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859)\n * fix: remove trailing tab in statefulset template (#9889)\n * feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800)\n * feat(misconf): initial ansible scanning support (#9332)\n * feat(misconf): Update Azure Database schema (#9811)\n * ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869)\n * chore: update the install script (#9874)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-118",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20191-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1255366",
"url": "https://bugzilla.suse.com/1255366"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66564 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66564/"
}
],
"title": "Security update for trivy",
"tracking": {
"current_release_date": "2026-02-10T21:52:10Z",
"generator": {
"date": "2026-02-10T21:52:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20191-1",
"initial_release_date": "2026-02-10T21:52:10Z",
"revision_history": [
{
"date": "2026-02-10T21:52:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-bp160.1.1.aarch64",
"product": {
"name": "trivy-0.69.0-bp160.1.1.aarch64",
"product_id": "trivy-0.69.0-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-bp160.1.1.ppc64le",
"product": {
"name": "trivy-0.69.0-bp160.1.1.ppc64le",
"product_id": "trivy-0.69.0-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-bp160.1.1.s390x",
"product": {
"name": "trivy-0.69.0-bp160.1.1.s390x",
"product_id": "trivy-0.69.0-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-bp160.1.1.x86_64",
"product": {
"name": "trivy-0.69.0-bp160.1.1.x86_64",
"product_id": "trivy-0.69.0-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64"
},
"product_reference": "trivy-0.69.0-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le"
},
"product_reference": "trivy-0.69.0-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x"
},
"product_reference": "trivy-0.69.0-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
},
"product_reference": "trivy-0.69.0-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64702"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64702",
"url": "https://www.suse.com/security/cve/CVE-2025-64702"
},
{
"category": "external",
"summary": "SUSE Bug 1255365 for CVE-2025-64702",
"url": "https://bugzilla.suse.com/1255365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-10T21:52:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-64702"
},
{
"cve": "CVE-2025-66564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66564"
}
],
"notes": [
{
"category": "general",
"text": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function\u0027s argument). This vulnerability is fixed in 2.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66564",
"url": "https://www.suse.com/security/cve/CVE-2025-66564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.69.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-10T21:52:10Z",
"details": "important"
}
],
"title": "CVE-2025-66564"
}
]
}
OPENSUSE-SU-2026:10131-1
Vulnerability from csaf_opensuse - Published: 2026-02-02 00:00 - Updated: 2026-02-02 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "trivy-0.69.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the trivy-0.69.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10131",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10131-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66564 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66564/"
}
],
"title": "trivy-0.69.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-02T00:00:00Z",
"generator": {
"date": "2026-02-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10131-1",
"initial_release_date": "2026-02-02T00:00:00Z",
"revision_history": [
{
"date": "2026-02-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-1.1.aarch64",
"product": {
"name": "trivy-0.69.0-1.1.aarch64",
"product_id": "trivy-0.69.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-1.1.ppc64le",
"product": {
"name": "trivy-0.69.0-1.1.ppc64le",
"product_id": "trivy-0.69.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-1.1.s390x",
"product": {
"name": "trivy-0.69.0-1.1.s390x",
"product_id": "trivy-0.69.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.69.0-1.1.x86_64",
"product": {
"name": "trivy-0.69.0-1.1.x86_64",
"product_id": "trivy-0.69.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64"
},
"product_reference": "trivy-0.69.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le"
},
"product_reference": "trivy-0.69.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x"
},
"product_reference": "trivy-0.69.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.69.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
},
"product_reference": "trivy-0.69.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64702"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64702",
"url": "https://www.suse.com/security/cve/CVE-2025-64702"
},
{
"category": "external",
"summary": "SUSE Bug 1255365 for CVE-2025-64702",
"url": "https://bugzilla.suse.com/1255365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64702"
},
{
"cve": "CVE-2025-66564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66564"
}
],
"notes": [
{
"category": "general",
"text": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function\u0027s argument). This vulnerability is fixed in 2.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66564",
"url": "https://www.suse.com/security/cve/CVE-2025-66564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.69.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.69.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-66564"
}
]
}
OPENSUSE-SU-2026:10035-1
Vulnerability from csaf_opensuse - Published: 2026-01-12 00:00 - Updated: 2026-01-12 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "teleport-17.7.13-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the teleport-17.7.13-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10035",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10035-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64702/"
}
],
"title": "teleport-17.7.13-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-12T00:00:00Z",
"generator": {
"date": "2026-01-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10035-1",
"initial_release_date": "2026-01-12T00:00:00Z",
"revision_history": [
{
"date": "2026-01-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "teleport-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-17.7.13-1.1.aarch64",
"product_id": "teleport-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-bash-completion-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-bash-completion-17.7.13-1.1.aarch64",
"product_id": "teleport-bash-completion-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-fdpass-teleport-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-fdpass-teleport-17.7.13-1.1.aarch64",
"product_id": "teleport-fdpass-teleport-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-tbot-17.7.13-1.1.aarch64",
"product_id": "teleport-tbot-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-bash-completion-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-tbot-bash-completion-17.7.13-1.1.aarch64",
"product_id": "teleport-tbot-bash-completion-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.aarch64",
"product_id": "teleport-tbot-zsh-completion-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-tctl-17.7.13-1.1.aarch64",
"product_id": "teleport-tctl-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-bash-completion-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-tctl-bash-completion-17.7.13-1.1.aarch64",
"product_id": "teleport-tctl-bash-completion-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.aarch64",
"product_id": "teleport-tctl-zsh-completion-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-tsh-17.7.13-1.1.aarch64",
"product_id": "teleport-tsh-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-bash-completion-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-tsh-bash-completion-17.7.13-1.1.aarch64",
"product_id": "teleport-tsh-bash-completion-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.aarch64",
"product_id": "teleport-tsh-zsh-completion-17.7.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "teleport-zsh-completion-17.7.13-1.1.aarch64",
"product": {
"name": "teleport-zsh-completion-17.7.13-1.1.aarch64",
"product_id": "teleport-zsh-completion-17.7.13-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "teleport-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-17.7.13-1.1.ppc64le",
"product_id": "teleport-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-bash-completion-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-bash-completion-17.7.13-1.1.ppc64le",
"product_id": "teleport-bash-completion-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-fdpass-teleport-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-fdpass-teleport-17.7.13-1.1.ppc64le",
"product_id": "teleport-fdpass-teleport-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tbot-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-tbot-17.7.13-1.1.ppc64le",
"product_id": "teleport-tbot-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tbot-bash-completion-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-tbot-bash-completion-17.7.13-1.1.ppc64le",
"product_id": "teleport-tbot-bash-completion-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.ppc64le",
"product_id": "teleport-tbot-zsh-completion-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tctl-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-tctl-17.7.13-1.1.ppc64le",
"product_id": "teleport-tctl-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tctl-bash-completion-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-tctl-bash-completion-17.7.13-1.1.ppc64le",
"product_id": "teleport-tctl-bash-completion-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.ppc64le",
"product_id": "teleport-tctl-zsh-completion-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tsh-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-tsh-17.7.13-1.1.ppc64le",
"product_id": "teleport-tsh-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tsh-bash-completion-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-tsh-bash-completion-17.7.13-1.1.ppc64le",
"product_id": "teleport-tsh-bash-completion-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.ppc64le",
"product_id": "teleport-tsh-zsh-completion-17.7.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "teleport-zsh-completion-17.7.13-1.1.ppc64le",
"product": {
"name": "teleport-zsh-completion-17.7.13-1.1.ppc64le",
"product_id": "teleport-zsh-completion-17.7.13-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "teleport-17.7.13-1.1.s390x",
"product": {
"name": "teleport-17.7.13-1.1.s390x",
"product_id": "teleport-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-bash-completion-17.7.13-1.1.s390x",
"product": {
"name": "teleport-bash-completion-17.7.13-1.1.s390x",
"product_id": "teleport-bash-completion-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-fdpass-teleport-17.7.13-1.1.s390x",
"product": {
"name": "teleport-fdpass-teleport-17.7.13-1.1.s390x",
"product_id": "teleport-fdpass-teleport-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tbot-17.7.13-1.1.s390x",
"product": {
"name": "teleport-tbot-17.7.13-1.1.s390x",
"product_id": "teleport-tbot-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tbot-bash-completion-17.7.13-1.1.s390x",
"product": {
"name": "teleport-tbot-bash-completion-17.7.13-1.1.s390x",
"product_id": "teleport-tbot-bash-completion-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.s390x",
"product": {
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.s390x",
"product_id": "teleport-tbot-zsh-completion-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tctl-17.7.13-1.1.s390x",
"product": {
"name": "teleport-tctl-17.7.13-1.1.s390x",
"product_id": "teleport-tctl-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tctl-bash-completion-17.7.13-1.1.s390x",
"product": {
"name": "teleport-tctl-bash-completion-17.7.13-1.1.s390x",
"product_id": "teleport-tctl-bash-completion-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.s390x",
"product": {
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.s390x",
"product_id": "teleport-tctl-zsh-completion-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tsh-17.7.13-1.1.s390x",
"product": {
"name": "teleport-tsh-17.7.13-1.1.s390x",
"product_id": "teleport-tsh-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tsh-bash-completion-17.7.13-1.1.s390x",
"product": {
"name": "teleport-tsh-bash-completion-17.7.13-1.1.s390x",
"product_id": "teleport-tsh-bash-completion-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.s390x",
"product": {
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.s390x",
"product_id": "teleport-tsh-zsh-completion-17.7.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "teleport-zsh-completion-17.7.13-1.1.s390x",
"product": {
"name": "teleport-zsh-completion-17.7.13-1.1.s390x",
"product_id": "teleport-zsh-completion-17.7.13-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "teleport-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-17.7.13-1.1.x86_64",
"product_id": "teleport-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-bash-completion-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-bash-completion-17.7.13-1.1.x86_64",
"product_id": "teleport-bash-completion-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-fdpass-teleport-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-fdpass-teleport-17.7.13-1.1.x86_64",
"product_id": "teleport-fdpass-teleport-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-tbot-17.7.13-1.1.x86_64",
"product_id": "teleport-tbot-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-bash-completion-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-tbot-bash-completion-17.7.13-1.1.x86_64",
"product_id": "teleport-tbot-bash-completion-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.x86_64",
"product_id": "teleport-tbot-zsh-completion-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-tctl-17.7.13-1.1.x86_64",
"product_id": "teleport-tctl-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-bash-completion-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-tctl-bash-completion-17.7.13-1.1.x86_64",
"product_id": "teleport-tctl-bash-completion-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.x86_64",
"product_id": "teleport-tctl-zsh-completion-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-tsh-17.7.13-1.1.x86_64",
"product_id": "teleport-tsh-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-bash-completion-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-tsh-bash-completion-17.7.13-1.1.x86_64",
"product_id": "teleport-tsh-bash-completion-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.x86_64",
"product_id": "teleport-tsh-zsh-completion-17.7.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "teleport-zsh-completion-17.7.13-1.1.x86_64",
"product": {
"name": "teleport-zsh-completion-17.7.13-1.1.x86_64",
"product_id": "teleport-zsh-completion-17.7.13-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-17.7.13-1.1.s390x"
},
"product_reference": "teleport-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-bash-completion-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-bash-completion-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-bash-completion-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-bash-completion-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-bash-completion-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.s390x"
},
"product_reference": "teleport-bash-completion-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-bash-completion-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-bash-completion-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-fdpass-teleport-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-fdpass-teleport-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-fdpass-teleport-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-fdpass-teleport-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-fdpass-teleport-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.s390x"
},
"product_reference": "teleport-fdpass-teleport-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-fdpass-teleport-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-fdpass-teleport-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-tbot-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-tbot-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.s390x"
},
"product_reference": "teleport-tbot-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-tbot-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-bash-completion-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-tbot-bash-completion-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-bash-completion-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-tbot-bash-completion-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-bash-completion-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.s390x"
},
"product_reference": "teleport-tbot-bash-completion-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-bash-completion-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-tbot-bash-completion-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-tbot-zsh-completion-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-tbot-zsh-completion-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.s390x"
},
"product_reference": "teleport-tbot-zsh-completion-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tbot-zsh-completion-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-tbot-zsh-completion-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-tctl-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-tctl-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.s390x"
},
"product_reference": "teleport-tctl-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-tctl-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-bash-completion-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-tctl-bash-completion-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-bash-completion-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-tctl-bash-completion-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-bash-completion-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.s390x"
},
"product_reference": "teleport-tctl-bash-completion-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-bash-completion-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-tctl-bash-completion-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-tctl-zsh-completion-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-tctl-zsh-completion-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.s390x"
},
"product_reference": "teleport-tctl-zsh-completion-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tctl-zsh-completion-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-tctl-zsh-completion-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-tsh-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-tsh-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.s390x"
},
"product_reference": "teleport-tsh-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-tsh-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-bash-completion-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-tsh-bash-completion-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-bash-completion-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-tsh-bash-completion-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-bash-completion-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.s390x"
},
"product_reference": "teleport-tsh-bash-completion-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-bash-completion-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-tsh-bash-completion-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-tsh-zsh-completion-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-tsh-zsh-completion-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.s390x"
},
"product_reference": "teleport-tsh-zsh-completion-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-tsh-zsh-completion-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-tsh-zsh-completion-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-zsh-completion-17.7.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.aarch64"
},
"product_reference": "teleport-zsh-completion-17.7.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-zsh-completion-17.7.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.ppc64le"
},
"product_reference": "teleport-zsh-completion-17.7.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-zsh-completion-17.7.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.s390x"
},
"product_reference": "teleport-zsh-completion-17.7.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "teleport-zsh-completion-17.7.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.x86_64"
},
"product_reference": "teleport-zsh-completion-17.7.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64702"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:teleport-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64702",
"url": "https://www.suse.com/security/cve/CVE-2025-64702"
},
{
"category": "external",
"summary": "SUSE Bug 1255365 for CVE-2025-64702",
"url": "https://bugzilla.suse.com/1255365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:teleport-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:teleport-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-fdpass-teleport-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-bash-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.7.13-1.1.x86_64",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.aarch64",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.ppc64le",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.s390x",
"openSUSE Tumbleweed:teleport-zsh-completion-17.7.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64702"
}
]
}
FKIE_CVE-2025-64702
Vulnerability from fkie_nvd - Published: 2025-12-11 21:15 - Updated: 2025-12-12 15:17
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion. This issue is fixed in version 0.57.0."
}
],
"id": "CVE-2025-64702",
"lastModified": "2025-12-12T15:17:31.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-11T21:15:54.707",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-G754-HX8W-X2G6
Vulnerability from github – Published: 2025-12-11 16:48 – Updated: 2025-12-17 00:36
Summary
An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header (used on the http.Request and http.Response, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion.
Impact
A misbehaving or malicious peer can cause a denial-of-service (DoS) attack on quic-go's HTTP/3 servers or clients by triggering excessive memory allocation, potentially leading to crashes or exhaustion. It affects both servers and clients due to symmetric header construction.
Details
In HTTP/3, headers are compressed using QPACK (RFC 9204). quic-go's HTTP/3 server (and client) decodes the QPACK-encoded HEADERS frame into header fields, then constructs an http.Request (or response).
http3.Server.MaxHeaderBytes and http3.Transport.MaxResponseHeaderBytes, respectively, limit encoded HEADERS frame size (default: 1 MB server, 10 MB client), but not decoded size. A maliciously crafted HEADERS frame can expand to ~50x the encoded size using QPACK static table entries with long names / values.
RFC 9114 requires enforcing decoded field section size limits via SETTINGS, which quic-go did not do.
The Fix
quic-go now enforces RFC 9114 decoded field section size limits, sending SETTINGS_MAX_FIELD_SECTION_SIZE and using incremental QPACK decoding to check the header size after each entry, aborting early on violations with HTTP 431 (on the server side) and stream reset (on the client side).
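The per-entry size check described under The Fix, as an added example that is not quic-go's code. `BuildHeader`, `HeaderField` and `constructedFields` are hypothetical names, the `next` callback stands in for an incremental QPACK decoder, and the 32-byte per-field overhead is the accounting rule from RFC 9114, Section 4.2.2.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// RFC 9114, Section 4.2.2: a field section's size is the sum over all fields
// of len(name) + len(value) + 32 bytes of per-field overhead.
const fieldOverhead = 32

var ErrFieldSectionTooLarge = errors.New("decoded field section exceeds limit")

// HeaderField is one decoded name/value pair (hypothetical type).
type HeaderField struct{ Name, Value string }

// BuildHeader (hypothetical helper) pulls fields one at a time from next,
// which stands in for an incremental QPACK decoder. The decoded size is
// checked before each field is stored, so an oversized section is rejected
// after a bounded amount of work instead of after the whole map is built.
func BuildHeader(next func() (HeaderField, bool), limit int) (http.Header, int, error) {
	hdr := http.Header{}
	size := 0
	for {
		f, ok := next()
		if !ok {
			return hdr, size, nil
		}
		size += len(f.Name) + len(f.Value) + fieldOverhead
		if size > limit {
			return nil, size, ErrFieldSectionTooLarge
		}
		hdr.Add(f.Name, f.Value)
	}
}

// constructedFields yields n constructed fields with unique names and
// valueLen-byte values, and reports how many the consumer actually pulled.
func constructedFields(n, valueLen int) (func() (HeaderField, bool), *int) {
	pulled := 0
	value := strings.Repeat("v", valueLen)
	return func() (HeaderField, bool) {
		if pulled >= n {
			return HeaderField{}, false
		}
		pulled++
		return HeaderField{Name: fmt.Sprintf("x-constructed-%d", pulled), Value: value}, true
	}, &pulled
}

func main() {
	next, pulled := constructedFields(10000, 100)
	_, size, err := BuildHeader(next, 1000)
	// A server would answer this with 431; a client would reset the stream.
	fmt.Println(err, "after", *pulled, "fields,", size, "bytes; status", http.StatusRequestHeaderFieldsTooLarge)
}
```

With a limit on the decoded size, the work done per HEADERS frame is bounded by the limit rather than by how far the compressed input expands.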
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/quic-go/quic-go"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.57.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-64702"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-11T16:48:27Z",
"nvd_published_at": "2025-12-11T21:15:54Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nAn attacker can cause excessive memory allocation in quic-go\u0027s HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an `http.Header` (used on the `http.Request` and `http.Response`, respectively), while only enforcing limits on the size of the (QPACK-compressed) HEADERS frame, but not on the decoded header, leading to memory exhaustion.\n\n## Impact\n\nA misbehaving or malicious peer can cause a denial-of-service (DoS) attack on quic-go\u0027s HTTP/3 servers or clients by triggering excessive memory allocation, potentially leading to crashes or exhaustion. It affects both servers and clients due to symmetric header construction.\n\n## Details\n\nIn HTTP/3, headers are compressed using QPACK (RFC 9204). quic-go\u0027s HTTP/3 server (and client) decodes the QPACK-encoded HEADERS frame into header fields, then constructs an http.Request (or response).\n\n`http3.Server.MaxHeaderBytes` and `http3.Transport.MaxResponseHeaderBytes`, respectively, limit encoded HEADERS frame size (default: 1 MB server, 10 MB client), but not decoded size. A maliciously crafted HEADERS frame can expand to ~50x the encoded size using QPACK static table entries with long names / values.\n\nRFC 9114 requires enforcing decoded field section size limits via SETTINGS, which quic-go did not do.\n\n## The Fix\n\nquic-go now enforces RFC 9114 decoded field section size limits, sending SETTINGS_MAX_FIELD_SECTION_SIZE and using incremental QPACK decoding to check the header size after each entry, aborting early on violations with HTTP 431 (on the server side) and stream reset (on the client side).",
"id": "GHSA-g754-hx8w-x2g6",
"modified": "2025-12-17T00:36:27Z",
"published": "2025-12-11T16:48:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64702"
},
{
"type": "WEB",
"url": "https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8"
},
{
"type": "PACKAGE",
"url": "https://github.com/quic-go/quic-go"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "quic-go HTTP/3 QPACK Header Expansion DoS"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.