RHSA-2026:0518
Vulnerability from csaf_redhat - Published: 2026-01-13 16:03 - Updated: 2026-01-13 22:46Summary
Red Hat Security Advisory: Red Hat Quay 3.16.1
Notes
Topic
Red Hat Quay 3.16.1 is now available with bug fixes.
Details
Quay 3.16.1
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.16.1 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.16.1",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0518",
"url": "https://access.redhat.com/errata/RHSA-2026:0518"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0518.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.16.1",
"tracking": {
"current_release_date": "2026-01-13T22:46:39+00:00",
"generator": {
"date": "2026-01-13T22:46:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0518",
"initial_release_date": "2026-01-13T16:03:52+00:00",
"revision_history": [
{
"date": "2026-01-13T16:03:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-13T16:04:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:46:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.16",
"product": {
"name": "Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3Ac1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979355"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Aa0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767978288"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Ab89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969285"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Ad209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ac7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Aa1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1767886976"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ad723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969285"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979355"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767978288"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ab291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Aff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1767886976"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3Abf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979355"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767979280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ad9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767978288"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Ae8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767970174"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Abe10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969285"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767980647"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767969106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1767886976"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-13T16:03:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0518"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-13T16:03:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0518"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-13T16:03:52+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0518"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:18674692fb24a03b3aad3f255b205a3afac8e6201efced2945b4bded3a0168db_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:85e4c20d0dcc746ccf96de9d46e838b5239b1ae0faf328410021ca2454bb55b6_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:d209a8c2876c8dac0380b942c701f67742d737423400189859752214a814e5f5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:e8afb6364b22ee3d98bdf402a45cdd119dd52fe4c70d13c7e353d9917b5390fa_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:0fe722ed6c797a674d1edf5f2a0965eadd05a02bcc7598be674ccb61b8025df4_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b89297ecfb0a9f63e4da66cccca8d56a116bd2bb90e0782227f9d97387042253_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:be10460471b54f6b5442718a4fbf696bb074a6fdaf07569f3519d0677a15ba00_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:84021c67a5bd508aff6efc6e641f108175e617ef3eef2019f5cecd25dc9a0691_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9c878781eafcc20fe975634d4db7e795608ab89a6c77667c4af04d38af2500bd_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:d723221f0ad6ffca4be3b0dd095977ed231a389780ef78672a9fae6896bc9568_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:835936fd4e539387d9b8c9f9c1d2965d03835873b8c6027e4e9a1cde5ef6df55_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:bf793a2407f484febf3185542e8db736766da04297104fe8ceac0071d6773206_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:c1ab8f95c0dd121cd26d8ff0fe50fac54bc6934156a37b8a403c930059b506a5_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4061bfdf8eebf9aa51a7701a685daa5ef97741adab368a7c9c03fd9d01dd63ee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:12c014cc7ecc8a5ac4b4ae816cf1319d8a6dc5307dbb69de8484b2d276d1a48d_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:a0bfba880aa3c9350aabf6bc8345d9ad7d321edbef33aa8e48ae47e7668852ba_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d9fcca30e7cede4d2fca8a050b04a844453f174906e90ca7e06a77d71cf139f5_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:0c5c0e745efdd28ad5fcf313884fab04ae371748b91a10ffd86fb9da5c13172d_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:0f8e8939cde91c873fbc617202e10bb064ac27713e85f7c4914fb73f7d591c29_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:b291c5cd49701ab09df74370e8971614eaee2ed8b27a77eaae0c09e6bf2ba633_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:c7ab16c077f5ee2f4e597810309ebdc825c8477461d3343478010e5435623e4f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:87dff92ca84ba1c48bb87a276a660165c9d10475fd3067989b593a1fdce8e475_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:a1fccdf3e171f8c2410e0fb3182e49188eec90f2acc08174634114455853436d_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ff78174701ecd4c840dff59667f0790419f850771f6726973434bf5fd6e81687_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…