Vulnerability-Lookup

RHSA-2025:9895

Vulnerability from csaf_redhat - Published: 2025-06-30 09:58 - Updated: 2026-02-03 20:10

Summary

Red Hat Security Advisory: Red Hat Service Interconnect security update

Notes

Topic

An update is now available for Service Interconnect 1.4 LTS for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Service Interconnect 1.4 LTS for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:9895",
        "url": "https://access.redhat.com/errata/RHSA-2025:9895"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_service_interconnect/1.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_service_interconnect/1.4"
      },
      {
        "category": "external",
        "summary": "2342757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342757"
      },
      {
        "category": "external",
        "summary": "2346416",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346416"
      },
      {
        "category": "external",
        "summary": "2346421",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346421"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9895.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Service Interconnect security update",
    "tracking": {
      "current_release_date": "2026-02-03T20:10:03+00:00",
      "generator": {
        "date": "2026-02-03T20:10:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.16"
        }
      },
      "id": "RHSA-2025:9895",
      "initial_release_date": "2025-06-30T09:58:40+00:00",
      "revision_history": [
        {
          "date": "2025-06-30T09:58:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-06-30T09:58:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-02-03T20:10:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "9Base-Service-Interconnect-1.4",
                "product": {
                  "name": "9Base-Service-Interconnect-1.4",
                  "product_id": "9Base-Service-Interconnect-1.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Service Interconnect"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
                "product": {
                  "name": "service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
                  "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.4.8-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
                "product": {
                  "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
                  "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.4.8-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
                "product": {
                  "name": "service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
                  "product_id": "service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-operator-bundle\u0026tag=1.4.8-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
                "product": {
                  "name": "service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
                  "product_id": "service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.4.3-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
                "product": {
                  "name": "service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
                  "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.4.8-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64",
                "product": {
                  "name": "service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64",
                  "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.4.8-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64"
        },
        "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64"
        },
        "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64"
        },
        "product_reference": "service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64"
        },
        "product_reference": "service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64"
        },
        "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
        },
        "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12797",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2025-01-29T09:25:13.972000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2342757"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSL\u0027s RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server\u0027s RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2, which was first shipped in RHEL 9.5. Earlier releases of OpenSSL provided in RHEL prior to 9.5 are not affected. \n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server\u0027s RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. \n\nClients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that do, and take appropriate action, are not affected.\n\nrhel9/ruby-33 \u0026 ubi9/ruby-33 are not affected because RPK is not present in any form or as any function that could be called from Ruby via Red Hat supported RPMs in RHEL. For example the SSL_dane_enable or SSL_add_expected_rpk or X509_STORE_CTX_get0_rpk or X509_STORE_CTX_init_rpk (and more rpk-related) functions are not callable from Ruby.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-12797"
        },
        {
          "category": "external",
          "summary": "RHBZ#2342757",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342757"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-12797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12797"
        }
      ],
      "release_date": "2025-02-11T15:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-30T09:58:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:9895"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openssl: RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected"
    },
    {
      "cve": "CVE-2024-56171",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-02-18T23:01:25.366636+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2346416"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxml2: Use-After-Free in libxml2",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important because it involves a use-after-free flaw in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions. A maliciously crafted XML document or schema, containing specific identity constraints, can be used to trigger this vulnerability and potentially gain unauthorized access or cause a denial-of-service condition.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-56171"
        },
        {
          "category": "external",
          "summary": "RHBZ#2346416",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346416"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-56171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"
        }
      ],
      "release_date": "2025-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-30T09:58:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:9895"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libxml2: Use-After-Free in libxml2"
    },
    {
      "cve": "CVE-2025-24928",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2025-02-18T23:01:36.502916+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2346421"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important because it involves a stack-based buffer overflow in the xmlSnprintfElements function within valid.c. Exploiting this issue requires DTD validation to occur on an untrusted document or untrusted DTD, making it a potential security risk for applications using libxml2 that do not adequately restrict DTD input.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-24928"
        },
        {
          "category": "external",
          "summary": "RHBZ#2346421",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346421"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-24928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847"
        },
        {
          "category": "external",
          "summary": "https://issues.oss-fuzz.com/issues/392687022",
          "url": "https://issues.oss-fuzz.com/issues/392687022"
        }
      ],
      "release_date": "2025-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-30T09:58:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:9895"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:a8e4ab9a71183698ccead00ac54c354e6e749b0e85d82b6b3216c4e686944aff_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:51f9a24e3dc9b1d47c474fec5389e1e166f1a52f49940ca637755ea4fe5fd204_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:0f6c6faf7fdf7b6d69bc5cc4b0266064d0035e295d0562b957d95c8c81699f2b_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:84ea16f6b12159c0941d149dde8bc09739bfc5313f9d04a0ae8008aec25cd4af_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:aa8406cdd6f52d3262575989db783e165986054152b24a82260fa493a93eb297_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:5b6d67ddcb01f1ad961f1593bd29458d758b28c4166901d0a0d87fbb937b34a9_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2"
    }
  ]
}

CVE-2024-56171 (GCVE-0-2024-56171)

Vulnerability from cvelistv5 – Published: 2025-02-18 00:00 – Updated: 2025-11-03 20:49

Summary

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-416 - Use After Free

Assigner

mitre

References

URL

Tags

https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

Impacted products

	Vendor	Product	Version
	xmlsoft	libxml2	Affected: 0 , < 2.12.10 (semver) Affected: 2.13.0 , < 2.13.6 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56171",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T16:26:31.484719Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T16:26:41.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:05.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250328-0010/"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/13"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/10"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/9"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/8"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/5"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/4"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/12"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/11"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libxml2",
          "vendor": "xmlsoft",
          "versions": [
            {
              "lessThan": "2.12.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.6",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.12.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.13.6",
                  "versionStartIncluding": "2.13.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-18T22:10:20.934Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-56171",
    "datePublished": "2025-02-18T00:00:00.000Z",
    "dateReserved": "2024-12-18T00:00:00.000Z",
    "dateUpdated": "2025-11-03T20:49:05.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-24928 (GCVE-0-2025-24928)

Vulnerability from cvelistv5 – Published: 2025-02-18 00:00 – Updated: 2025-11-03 21:12

Summary

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

mitre

References

URL

Tags

	https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
	https://issues.oss-fuzz.com/issues/392687022

Impacted products

	Vendor	Product	Version
	xmlsoft	libxml2	Affected: 0 , < 2.12.10 (semver) Affected: 2.13.0 , < 2.13.6 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24928",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T03:55:31.090Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:12:47.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250321-0006/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libxml2",
          "vendor": "xmlsoft",
          "versions": [
            {
              "lessThan": "2.12.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.6",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.12.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.13.6",
                  "versionStartIncluding": "2.13.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-18T22:20:43.285Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847"
        },
        {
          "url": "https://issues.oss-fuzz.com/issues/392687022"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-24928",
    "datePublished": "2025-02-18T00:00:00.000Z",
    "dateReserved": "2025-01-28T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:12:47.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-12797 (GCVE-0-2024-12797)

Vulnerability from cvelistv5 – Published: 2025-02-11 15:59 – Updated: 2025-02-18 14:01

Title

RFC7250 handshakes with unauthenticated servers don't abort as expected

Summary

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that do, and take appropriate action, are not affected. This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Severity ?

No CVSS data available.

CWE

CWE-392 - Missing Report of Error Condition

Assigner

openssl

References

URL

Tags

	https://openssl-library.org/news/secadv/20250211.txt	vendor-advisory
	https://github.com/openssl/openssl/commit/738d4f9…	patch
	https://github.com/openssl/openssl/commit/87ebd20…	patch
	https://github.com/openssl/openssl/commit/798779d…	patch

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Affected: 3.4.0 , < 3.4.1 (semver) Affected: 3.3.0 , < 3.3.3 (semver) Affected: 3.2.0 , < 3.2.4 (semver)

Credits

Apple Inc. Viktor Dukhovni

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-15T00:10:32.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/11/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/11/4"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250214-0001/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-12797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T20:24:14.595864Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T14:01:55.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.4.1",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.3",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.4",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Apple Inc."
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2025-02-11T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\u003cbr\u003eserver may fail to notice that the server was not authenticated, because\u003cbr\u003ehandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\u003cbr\u003eis set.\u003cbr\u003e\u003cbr\u003eImpact summary: TLS and DTLS connections using raw public keys may be\u003cbr\u003evulnerable to man-in-middle attacks when server authentication failure is not\u003cbr\u003edetected by clients.\u003cbr\u003e\u003cbr\u003eRPKs are disabled by default in both TLS clients and TLS servers.  The issue\u003cbr\u003eonly arises when TLS clients explicitly enable RPK use by the server, and the\u003cbr\u003eserver, likewise, enables sending of an RPK instead of an X.509 certificate\u003cbr\u003echain.  The affected clients are those that then rely on the handshake to\u003cbr\u003efail when the server\u0027s RPK fails to match one of the expected public keys,\u003cbr\u003eby setting the verification mode to SSL_VERIFY_PEER.\u003cbr\u003e\u003cbr\u003eClients that enable server-side raw public keys can still find out that raw\u003cbr\u003epublic key verification failed by calling SSL_get_verify_result(), and those\u003cbr\u003ethat do, and take appropriate action, are not affected.  This issue was\u003cbr\u003eintroduced in the initial implementation of RPK support in OpenSSL 3.2.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
            }
          ],
          "value": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers.  The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain.  The affected clients are those that then rely on the handshake to\nfail when the server\u0027s RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected.  This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "High"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-392",
              "description": "CWE-392 Missing Report of Error Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T15:59:36.719Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20250211.txt"
        },
        {
          "name": "3.4.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9"
        },
        {
          "name": "3.3.3 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699"
        },
        {
          "name": "3.2.4 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2024-12797",
    "datePublished": "2025-02-11T15:59:36.719Z",
    "dateReserved": "2024-12-19T13:54:37.212Z",
    "dateUpdated": "2025-02-18T14:01:55.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2025:9895

CVE-2024-56171 (GCVE-0-2024-56171)

CVE-2025-24928 (GCVE-0-2025-24928)

CVE-2024-12797 (GCVE-0-2024-12797)

Tags

Sightings

Nomenclature