RHSA-2025:23546
Vulnerability from csaf_redhat - Published: 2025-12-17 18:13 - Updated: 2025-12-23 20:43Summary
Red Hat Security Advisory: Red Hat Quay 3.16.0
Notes
Topic
Red Hat Quay 3.16.0 is now available with bug fixes.
Details
Quay 3.16.0
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.16.0 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.16.0",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23546",
"url": "https://access.redhat.com/errata/RHSA-2025:23546"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23546.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.16.0",
"tracking": {
"current_release_date": "2025-12-23T20:43:15+00:00",
"generator": {
"date": "2025-12-23T20:43:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:23546",
"initial_release_date": "2025-12-17T18:13:48+00:00",
"revision_history": [
{
"date": "2025-12-17T18:13:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T18:13:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-23T20:43:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.16",
"product": {
"name": "Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Ae052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Adb477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ade34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3Abe0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Ad57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Acdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3Af889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Ad728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ade02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Abbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Aeb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Adcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.16.0-1765994726"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T18:13:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23546"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T18:13:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23546"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T18:13:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23546"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T18:13:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23546"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:08d535a391567411ba38c15fd4d53e55af621fa2abdc662e0713bd0388ea7720_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bbb37b6ddcd2350aa6a78264a4005d8f4ce6bd5b31efb65e37242e5a684c22b6_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d728d35dec3aff390e00fba6d5f08761adbaa4bffcf52df954268cdc474281b4_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:78ff6bc0ebad4768ae769da8bd73d76532ca462ddd70c25680d3bb5b4f2b5fb3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:571995466e750b28d543d6e04d19278c963595ecb2d2850472275126d136cab6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8637aee9cb3e669aa0cbff572978e7e7bb5cfde671b3c2d8e7a7485407e6e601_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:d57d4d362aa82f83de823e5f9eec5565055054eb0afac506e8d9fcde6f03a331_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cdc96c3ce869368e6ae8f9c18256d37c1b66c2727b3ebaf9ef87531ef5960aba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de02e8db53f0d31c9989caf8fc80b682eeb0e91372401cd6d79193383639b116_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:de34cdb27b480568b80074de464eb165b63096731ab76053eab42c19fb5bee5b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:f889c69f595ec55982ca2ff317afe3699c8b3203331e2dc9530b884b174ee5d6_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:e052fc307cfc1246983df50cd95970754d6cf955d0f9b56f8c384cd8f1c08be7_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5b476b56eb21b73f81e9771daa8541f053d823c3c309ed07ea39aa842f05f272_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:5bdf176960c38d00fa3ef96b6ff74d8ca5cfe390a072c43c82dba62dc3abd33a_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:db477fe4858ab95a04ae9d818a075dbe1bd28cc8777e2cbc5601c122fe8e3e78_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:65b333545b2608736c281cf1c0563218a2fe9a04964501339eb6c8f72727cf51_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:3441accc8e04edc08ae765c9af7a48025c1f6e24dff3addfa6646c46097c56fb_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:7699512cf6825b25c5d62e13f5e4e681dda27953372c7b52be11d088e029908a_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb319de54729619699819d8d34990ca304b7665fe63108467eb77ac917c343cf_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:908bd507b0591d591a21acc9a9a944190d8dbf3f70ed817f575a022dc18b6765_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:dcba4dc340a072bfa1453abadee34d1fe7e31e374f094c565f72161680b12dbc_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…