Redhat Openshift Container Platform vulnerabilities

CVE-2026-0966 [HIGH] CWE-124 CVE-2026-0966: A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service w A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful ex

CVE-2026-0964 [MEDIUM] CVE-2026-0964: A malicious SCP server can send unexpected paths that could make the client application override loc A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

CVE-2026-4897 [MEDIUM] CWE-770 CVE-2026-4897: A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessiv A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

CVE-2026-4647 [MEDIUM] CWE-125 CVE-2026-4647: A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds.

CVE-2026-4424 [HIGH] CWE-125 CVE-2026-4424: A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory

CVE-2026-4426 [MEDIUM] CWE-1335 CVE-2026-4426: A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompressi A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential applicat

CVE-2026-3441 [HIGH] CWE-125 CVE-2026-3441: A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an ap

CVE-2026-3442 [HIGH] CWE-125 CVE-2026-3442: A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the

CVE-2025-12801 [MEDIUM] CWE-279 CVE-2025-12801: A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, a

CVE-2025-13601 [HIGH] CWE-190 CVE-2025-13601: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer si A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off t

CVE-2025-8283 [LOW] CWE-15 CVE-2025-8283: A vulnerability was found in the netavark package, a network stack for containers used with Podman. A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's

CVE-2025-7519 [MEDIUM] CWE-787 CVE-2025-7519: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy f

CVE-2025-7424 [HIGH] CWE-843 CVE-2025-7424: A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet an A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

CVE-2025-32990 [HIGH] CWE-122 CVE-2025-32990: A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing lo A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the

CVE-2025-32988 [HIGH] CWE-415 CVE-2025-32988: A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when

CVE-2025-32989 [MEDIUM] CWE-295 CVE-2025-32989: A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transpare A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This iss

CVE-2025-5372 [HIGH] CWE-682 CVE-2025-5372: A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails

CVE-2025-5351 [MEDIUM] CWE-415 CVE-2025-5351: A flaw was found in the key export functionality of libssh. The issue occurs in the internal functio A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition m

CVE-2025-5318 [HIGH] CWE-125 CVE-2025-5318: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be tr A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authentica

CVE-2025-6170 [LOW] CWE-121 CVE-2025-6170: A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML fil A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.