RHSA-2026:4655

Vulnerability from csaf_redhat - Published: 2026-03-16 19:32 - Updated: 2026-03-16 19:33
Summary
Red Hat Security Advisory: Insights proxy Container Image

Notes

Topic
Initial GA Release of Red Hat Insights proxy
Details
The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between customer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights. The Insights proxy routes all Red Hat Insights traffic through itself, providing a layer of privacy and security for disconnected customer systems.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Initial GA Release of Red Hat Insights proxy",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Insights proxy Container is used by the Insights proxy product RPM\nand serves as an intermediary between customer systems in disconnected networks,\nair-gapped systems or systems with no outside connections and Insights.\n\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing\na layer of privacy and security for disconnected customer systems.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:4655",
        "url": "https://access.redhat.com/errata/RHSA-2026:4655"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-14831",
        "url": "https://access.redhat.com/security/cve/CVE-2025-14831"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-15281",
        "url": "https://access.redhat.com/security/cve/CVE-2025-15281"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-9820",
        "url": "https://access.redhat.com/security/cve/CVE-2025-9820"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-0861",
        "url": "https://access.redhat.com/security/cve/CVE-2026-0861"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-0915",
        "url": "https://access.redhat.com/security/cve/CVE-2026-0915"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4655.json"
      }
    ],
    "title": "Red Hat Security Advisory: Insights proxy Container Image",
    "tracking": {
      "current_release_date": "2026-03-16T19:33:47+00:00",
      "generator": {
        "date": "2026-03-16T19:33:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2026:4655",
      "initial_release_date": "2026-03-16T19:32:19+00:00",
      "revision_history": [
        {
          "date": "2026-03-16T19:32:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-03-16T19:32:34+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-16T19:33:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Insights proxy 1.5",
                "product": {
                  "name": "Red Hat Insights proxy 1.5",
                  "product_id": "Red Hat Insights proxy 1.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Insights proxy"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64",
                "product": {
                  "name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64",
                  "product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1773685509"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
                "product": {
                  "name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
                  "product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1773685509"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64 as a component of Red Hat Insights proxy 1.5",
          "product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64"
        },
        "product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
        "relates_to_product_reference": "Red Hat Insights proxy 1.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64 as a component of Red Hat Insights proxy 1.5",
          "product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
        },
        "product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64",
        "relates_to_product_reference": "Red Hat Insights proxy 1.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9820",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2025-09-02T10:00:18.839000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392528"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Low, since exploitation requires local access or a malicious PKCS#11 token. While the impact is limited to denial of service or potential code execution in constrained scenarios, the vulnerability stems from a lack of proper bounds checking during token label handling in GnuTLS. Users should treat this as a security concern in environments where untrusted tokens may be introduced.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-9820"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392528",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392528"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-9820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820"
        },
        {
          "category": "external",
          "summary": "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5",
          "url": "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5"
        },
        {
          "category": "external",
          "summary": "https://gitlab.com/gnutls/gnutls/-/issues/1732",
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1732"
        },
        {
          "category": "external",
          "summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18",
          "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18"
        }
      ],
      "release_date": "2025-11-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-16T19:32:19+00:00",
          "details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
          "product_ids": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4655"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Applying the upstream patch or vendor-supplied security update is the recommended resolution.",
          "product_ids": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function"
    },
    {
      "cve": "CVE-2025-14831",
      "cwe": {
        "id": "CWE-407",
        "name": "Inefficient Algorithmic Complexity"
      },
      "discovery_date": "2025-12-17T14:48:30.222000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2423177"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate for Red Hat. GnuTLS is susceptible to a denial of service attack due to excessive CPU and memory consumption. This occurs when processing specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) during certificate verification.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-14831"
        },
        {
          "category": "external",
          "summary": "RHBZ#2423177",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-14831",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831"
        },
        {
          "category": "external",
          "summary": "https://gitlab.com/gnutls/gnutls/-/issues/1773",
          "url": "https://gitlab.com/gnutls/gnutls/-/issues/1773"
        }
      ],
      "release_date": "2026-02-09T14:26:34.939000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-16T19:32:19+00:00",
          "details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
          "product_ids": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4655"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification"
    },
    {
      "cve": "CVE-2025-15281",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "discovery_date": "2026-01-20T14:01:12.320264+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431196"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to find an application linked to the glibc library that is using the wordexp function with the flags WRDE_REUSE and WRDE_APPEND. Also, calls to wordexp using both flags never worked correctly and thus the existence of applications that make use of this feature is unlikely. There is no known application vulnerable to this issue.\n\nFurthermore, this flaw will result in a denial of service with no other security impact.\n\nDue to these reasons, this vulnerability has been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15281"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431196",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431196"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33814",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33814"
        }
      ],
      "release_date": "2026-01-20T13:22:46.495000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-16T19:32:19+00:00",
          "details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
          "product_ids": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4655"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, consider refactoring the use of the wordexp function to not use the WRDE_REUSE and WRDE_APPEND flags together.",
          "product_ids": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory"
    },
    {
      "cve": "CVE-2026-0861",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2026-01-14T22:01:10.975595+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2429771"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: Integer overflow in memalign leads to heap corruption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to find an application linked to the glibc library that is using one of the vulnerable functions (memalign, posix_memalign, aligned_alloc, valloc or pvalloc) in a way that the alignment parameter can be user-controlled, allowing an attacker to trigger the integer overflow. However, the alignment parameter used by the functions is usually a hard-coded power of two and does not allow arbitrary values, especially values supplied by a user. There is no known application vulnerable to this issue.\n\nAlso, default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and memory protections significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability.\n\nDue to these reasons, this vulnerability has been rated with a low severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-0861"
        },
        {
          "category": "external",
          "summary": "RHBZ#2429771",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429771"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-0861",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33796",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33796"
        }
      ],
      "release_date": "2026-01-14T21:01:11.037000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-16T19:32:19+00:00",
          "details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
          "product_ids": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4655"
        },
        {
          "category": "workaround",
          "details": "Applications calling one of the vulnerable functions and allowing the alignment parameter to be set by user-controlled input can implement additional validation checks, ensuring the alignment value is a power of two and does not exceed a sane limit, for example the system page size or a maximum of 64KB. This prevents the excessively large value required to trigger the integer overflow.",
          "product_ids": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "glibc: Integer overflow in memalign leads to heap corruption"
    },
    {
      "cve": "CVE-2026-0915",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "discovery_date": "2026-01-15T23:01:26.157678+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2430201"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system\u0027s `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glibc: Information disclosure via zero-valued network query",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate for Red Hat products. It allows for information disclosure of stack contents to a configured DNS resolver when an application utilizes `getnetbyaddr` or `getnetbyaddr_r` with a DNS backend specified in `nsswitch.conf` for a zero-valued network query. This affects Red Hat Enterprise Linux and OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
          "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-0915"
        },
        {
          "category": "external",
          "summary": "RHBZ#2430201",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430201"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-0915",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802"
        }
      ],
      "release_date": "2026-01-15T22:08:41.630000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-16T19:32:19+00:00",
          "details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
          "product_ids": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4655"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:325c34e2506d715975171557d40afb449c79cf6e0c41b35760977d5cafb827b8_arm64",
            "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glibc: Information disclosure via zero-valued network query"
    }
  ]
}

