csaf_suse - suse-su-2025:1018-1

Vulnerability from csaf_suse

Published

2025-03-26 09:03

Modified

2025-03-26 09:03

Summary

Security update for buildah

Notes

Title of the patch

Security update for buildah

Description of the patch

This update for buildah fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239339).

Patchnames

SUSE-2025-1018,SUSE-SLE-Module-Containers-15-SP6-2025-1018,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1018,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1018,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1018,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1018,openSUSE-SLE-15.6-2025-1018

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for buildah",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for buildah fixes the following issues:\n\n- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239339).\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-2025-1018,SUSE-SLE-Module-Containers-15-SP6-2025-1018,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1018,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1018,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1018,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1018,openSUSE-SLE-15.6-2025-1018",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1018-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2025:1018-1",
            url: "https://www.suse.com/support/update/announcement/2025/suse-su-20251018-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2025:1018-1",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020606.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 1239339",
            url: "https://bugzilla.suse.com/1239339",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2025-22869 page",
            url: "https://www.suse.com/security/cve/CVE-2025-22869/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2025-27144 page",
            url: "https://www.suse.com/security/cve/CVE-2025-27144/",
         },
      ],
      title: "Security update for buildah",
      tracking: {
         current_release_date: "2025-03-26T09:03:07Z",
         generator: {
            date: "2025-03-26T09:03:07Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2025:1018-1",
         initial_release_date: "2025-03-26T09:03:07Z",
         revision_history: [
            {
               date: "2025-03-26T09:03:07Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "buildah-1.35.5-150500.3.34.1.aarch64",
                        product: {
                           name: "buildah-1.35.5-150500.3.34.1.aarch64",
                           product_id: "buildah-1.35.5-150500.3.34.1.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "buildah-1.35.5-150500.3.34.1.i586",
                        product: {
                           name: "buildah-1.35.5-150500.3.34.1.i586",
                           product_id: "buildah-1.35.5-150500.3.34.1.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "buildah-1.35.5-150500.3.34.1.ppc64le",
                        product: {
                           name: "buildah-1.35.5-150500.3.34.1.ppc64le",
                           product_id: "buildah-1.35.5-150500.3.34.1.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "buildah-1.35.5-150500.3.34.1.s390x",
                        product: {
                           name: "buildah-1.35.5-150500.3.34.1.s390x",
                           product_id: "buildah-1.35.5-150500.3.34.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "buildah-1.35.5-150500.3.34.1.x86_64",
                        product: {
                           name: "buildah-1.35.5-150500.3.34.1.x86_64",
                           product_id: "buildah-1.35.5-150500.3.34.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Containers 15 SP6",
                        product: {
                           name: "SUSE Linux Enterprise Module for Containers 15 SP6",
                           product_id: "SUSE Linux Enterprise Module for Containers 15 SP6",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-module-containers:15:sp6",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                        product: {
                           name: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                           product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle_hpc-espos:15:sp5",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                        product: {
                           name: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                           product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp5",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Server 15 SP5-LTSS",
                        product: {
                           name: "SUSE Linux Enterprise Server 15 SP5-LTSS",
                           product_id: "SUSE Linux Enterprise Server 15 SP5-LTSS",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sles-ltss:15:sp5",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                        product: {
                           name: "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                           product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sles_sap:15:sp5",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.6",
                        product: {
                           name: "openSUSE Leap 15.6",
                           product_id: "openSUSE Leap 15.6",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.6",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.aarch64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.ppc64le",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.s390x",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.x86_64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
               product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.aarch64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
               product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.x86_64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
               product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
               product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
               product_id: "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP5-LTSS",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
               product_id: "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.ppc64le",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP5-LTSS",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
               product_id: "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.s390x",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP5-LTSS",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
               product_id: "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP5-LTSS",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
               product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.ppc64le",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
               product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.x86_64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.aarch64 as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.aarch64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.ppc64le as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.ppc64le",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.s390x as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.s390x",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "buildah-1.35.5-150500.3.34.1.x86_64 as component of openSUSE Leap 15.6",
               product_id: "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.x86_64",
            },
            product_reference: "buildah-1.35.5-150500.3.34.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.6",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2025-22869",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2025-22869",
            },
         ],
         notes: [
            {
               category: "general",
               text: "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.aarch64",
               "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.x86_64",
               "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
               "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.aarch64",
               "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.ppc64le",
               "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.s390x",
               "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.x86_64",
               "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
               "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.ppc64le",
               "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.s390x",
               "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.ppc64le",
               "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.x86_64",
               "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.aarch64",
               "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.ppc64le",
               "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.s390x",
               "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2025-22869",
               url: "https://www.suse.com/security/cve/CVE-2025-22869",
            },
            {
               category: "external",
               summary: "SUSE Bug 1239322 for CVE-2025-22869",
               url: "https://bugzilla.suse.com/1239322",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.s390x",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.x86_64",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.aarch64",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.s390x",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.s390x",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.x86_64",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.aarch64",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.s390x",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-26T09:03:07Z",
               details: "important",
            },
         ],
         title: "CVE-2025-22869",
      },
      {
         cve: "CVE-2025-27144",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2025-27144",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters.  An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.aarch64",
               "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.x86_64",
               "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
               "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.aarch64",
               "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.ppc64le",
               "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.s390x",
               "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.x86_64",
               "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
               "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.ppc64le",
               "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.s390x",
               "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.ppc64le",
               "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.x86_64",
               "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.aarch64",
               "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.ppc64le",
               "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.s390x",
               "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2025-27144",
               url: "https://www.suse.com/security/cve/CVE-2025-27144",
            },
            {
               category: "external",
               summary: "SUSE Bug 1237608 for CVE-2025-27144",
               url: "https://bugzilla.suse.com/1237608",
            },
            {
               category: "external",
               summary: "SUSE Bug 1237609 for CVE-2025-27144",
               url: "https://bugzilla.suse.com/1237609",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.s390x",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.x86_64",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.aarch64",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.s390x",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.aarch64",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.s390x",
                  "SUSE Linux Enterprise Server 15 SP5-LTSS:buildah-1.35.5-150500.3.34.1.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "SUSE Linux Enterprise Server for SAP Applications 15 SP5:buildah-1.35.5-150500.3.34.1.x86_64",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.aarch64",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.ppc64le",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.s390x",
                  "openSUSE Leap 15.6:buildah-1.35.5-150500.3.34.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2025-03-26T09:03:07Z",
               details: "important",
            },
         ],
         title: "CVE-2025-27144",
      },
   ],
}

cve-2025-27144

Vulnerability from cvelistv5

Published

2025-02-24 22:22

Modified

2025-02-25 14:27

Severity ?

6.6 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

Summary

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.

References

▼	URL	Tags
	https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78	x_refsource_CONFIRM
	https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22	x_refsource_MISC
	https://github.com/go-jose/go-jose/releases/tag/v4.0.5	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	go-jose	go-jose	Version: >= 4.0.0, < 4.0.5

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-27144",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-25T14:26:42.682392Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-25T14:27:04.978Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "go-jose",
               vendor: "go-jose",
               versions: [
                  {
                     status: "affected",
                     version: ">= 4.0.0, < 4.0.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters.  An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  privilegesRequired: "NONE",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "NONE",
                  vulnIntegrityImpact: "NONE",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-770",
                     description: "CWE-770: Allocation of Resources Without Limits or Throttling",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-24T22:22:22.863Z",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               name: "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78",
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78",
            },
            {
               name: "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22",
            },
            {
               name: "https://github.com/go-jose/go-jose/releases/tag/v4.0.5",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/go-jose/go-jose/releases/tag/v4.0.5",
            },
         ],
         source: {
            advisory: "GHSA-c6gw-w398-hv78",
            discovery: "UNKNOWN",
         },
         title: "Go JOSE's Parsing Vulnerable to Denial of Service",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2025-27144",
      datePublished: "2025-02-24T22:22:22.863Z",
      dateReserved: "2025-02-19T16:30:47.777Z",
      dateUpdated: "2025-02-25T14:27:04.978Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-22869

Vulnerability from cvelistv5

Published

2025-02-26 03:07

Modified

2025-04-11 22:03

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

References

▼	URL	Tags
	https://go.dev/cl/652135
	https://go.dev/issue/71931
	https://pkg.go.dev/vuln/GO-2025-3487

Impacted products

	Vendor	Product	Version
	golang.org/x/crypto	golang.org/x/crypto/ssh	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 7.5,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "NONE",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2025-22869",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-26T14:57:07.968721Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-770",
                        description: "CWE-770 Allocation of Resources Without Limits or Throttling",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-26T14:57:49.252Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2025-04-11T22:03:24.222Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://security.netapp.com/advisory/ntap-20250411-0010/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://pkg.go.dev",
               defaultStatus: "unaffected",
               packageName: "golang.org/x/crypto/ssh",
               product: "golang.org/x/crypto/ssh",
               programRoutines: [
                  {
                     name: "newHandshakeTransport",
                  },
                  {
                     name: "handshakeTransport.recordWriteError",
                  },
                  {
                     name: "handshakeTransport.kexLoop",
                  },
                  {
                     name: "handshakeTransport.writePacket",
                  },
                  {
                     name: "Client.Dial",
                  },
                  {
                     name: "Client.DialContext",
                  },
                  {
                     name: "Client.DialTCP",
                  },
                  {
                     name: "Client.Listen",
                  },
                  {
                     name: "Client.ListenTCP",
                  },
                  {
                     name: "Client.ListenUnix",
                  },
                  {
                     name: "Client.NewSession",
                  },
                  {
                     name: "Dial",
                  },
                  {
                     name: "DiscardRequests",
                  },
                  {
                     name: "NewClient",
                  },
                  {
                     name: "NewClientConn",
                  },
                  {
                     name: "NewServerConn",
                  },
                  {
                     name: "Request.Reply",
                  },
                  {
                     name: "Session.Close",
                  },
                  {
                     name: "Session.CombinedOutput",
                  },
                  {
                     name: "Session.Output",
                  },
                  {
                     name: "Session.RequestPty",
                  },
                  {
                     name: "Session.RequestSubsystem",
                  },
                  {
                     name: "Session.Run",
                  },
                  {
                     name: "Session.SendRequest",
                  },
                  {
                     name: "Session.Setenv",
                  },
                  {
                     name: "Session.Shell",
                  },
                  {
                     name: "Session.Signal",
                  },
                  {
                     name: "Session.Start",
                  },
                  {
                     name: "Session.WindowChange",
                  },
                  {
                     name: "channel.Accept",
                  },
                  {
                     name: "channel.Close",
                  },
                  {
                     name: "channel.CloseWrite",
                  },
                  {
                     name: "channel.Read",
                  },
                  {
                     name: "channel.ReadExtended",
                  },
                  {
                     name: "channel.Reject",
                  },
                  {
                     name: "channel.SendRequest",
                  },
                  {
                     name: "channel.Write",
                  },
                  {
                     name: "channel.WriteExtended",
                  },
                  {
                     name: "connection.SendAuthBanner",
                  },
                  {
                     name: "curve25519sha256.Client",
                  },
                  {
                     name: "curve25519sha256.Server",
                  },
                  {
                     name: "dhGEXSHA.Client",
                  },
                  {
                     name: "dhGEXSHA.Server",
                  },
                  {
                     name: "dhGroup.Client",
                  },
                  {
                     name: "dhGroup.Server",
                  },
                  {
                     name: "ecdh.Client",
                  },
                  {
                     name: "ecdh.Server",
                  },
                  {
                     name: "extChannel.Read",
                  },
                  {
                     name: "extChannel.Write",
                  },
                  {
                     name: "mux.OpenChannel",
                  },
                  {
                     name: "mux.SendRequest",
                  },
                  {
                     name: "sessionStdin.Close",
                  },
                  {
                     name: "sshClientKeyboardInteractive.Challenge",
                  },
                  {
                     name: "tcpListener.Accept",
                  },
                  {
                     name: "tcpListener.Close",
                  },
                  {
                     name: "unixListener.Accept",
                  },
                  {
                     name: "unixListener.Close",
                  },
               ],
               vendor: "golang.org/x/crypto",
               versions: [
                  {
                     lessThan: "0.35.0",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Yuichi Watanabe",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "CWE-770: Allocation of Resources Without Limits or Throttling",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-26T03:07:48.855Z",
            orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc",
            shortName: "Go",
         },
         references: [
            {
               url: "https://go.dev/cl/652135",
            },
            {
               url: "https://go.dev/issue/71931",
            },
            {
               url: "https://pkg.go.dev/vuln/GO-2025-3487",
            },
         ],
         title: "Potential denial of service in golang.org/x/crypto",
      },
   },
   cveMetadata: {
      assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc",
      assignerShortName: "Go",
      cveId: "CVE-2025-22869",
      datePublished: "2025-02-26T03:07:48.855Z",
      dateReserved: "2025-01-08T19:11:42.834Z",
      dateUpdated: "2025-04-11T22:03:24.222Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_suse

cve-2025-27144

Vulnerability from cvelistv5

cve-2025-22869

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature