The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Affected range
<1.24.11
Fixed version
1.24.11
EPSS Score
0.017%
EPSS Percentile
3rd percentile
Description
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Affected range
<1.24.12
Fixed version
1.24.12
EPSS Score
0.030%
EPSS Percentile
8th percentile
Description
The net/url package does not set a limit on the number of query parameters in a query.
While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.031%
EPSS Percentile
8th percentile
Description
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.038%
EPSS Percentile
11th percentile
Description
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.
This affects programs which parse untrusted PEM inputs.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.018%
EPSS Percentile
4th percentile
Description
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method.
This affects programs which validate arbitrary certificate chains.
Affected range
<1.24.9
Fixed version
1.24.9
EPSS Score
0.018%
EPSS Percentile
4th percentile
Description
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate.
This affects programs which validate arbitrary certificate chains.
Affected range
>=1.24.0-0 <1.24.4
Fixed version
1.24.4
EPSS Score
0.016%
EPSS Percentile
3rd percentile
Description
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Affected range
>=1.24.0-0 <1.24.4
Fixed version
1.24.4
EPSS Score
0.011%
EPSS Percentile
1st percentile
Description
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Affected range
<1.24.12
Fixed version
1.24.12
EPSS Score
0.022%
EPSS Percentile
5th percentile
Description
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
Affected range
<1.24.11
Fixed version
1.24.11
EPSS Score
0.010%
EPSS Percentile
1st percentile
Description
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
Affected range
>=1.24.0 <1.24.6
Fixed version
1.24.6
EPSS Score
0.020%
EPSS Percentile
4th percentile
Description
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
Affected range
>=1.24.0-0 <1.24.4
Fixed version
1.24.4
EPSS Score
0.009%
EPSS Percentile
1st percentile
Description
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Affected range
<1.24.12
Fixed version
1.24.12
EPSS Score
0.024%
EPSS Percentile
6th percentile
Description
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.022%
EPSS Percentile
5th percentile
Description
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.014%
EPSS Percentile
2nd percentile
Description
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.030%
EPSS Percentile
8th percentile
Description
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.032%
EPSS Percentile
9th percentile
Description
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.032%
EPSS Percentile
9th percentile
Description
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
Affected range
<1.24.13
Fixed version
1.24.13
Description
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.016%
EPSS Percentile
3rd percentile
Description
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Affected range
>=1.24.0-0 <1.24.3
Fixed version
1.24.3
EPSS Score
0.005%
EPSS Percentile
0th percentile
Description
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.
stdlib1.24.6 (golang)
pkg:golang/stdlib@1.24.6
# mongo-8.dockerfile (51:51) FROM mongo:8.2.3
Affected range
<1.24.11
Fixed version
1.24.11
EPSS Score
0.017%
EPSS Percentile
3rd percentile
Description
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Affected range
<1.24.12
Fixed version
1.24.12
EPSS Score
0.030%
EPSS Percentile
8th percentile
Description
The net/url package does not set a limit on the number of query parameters in a query.
While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.031%
EPSS Percentile
8th percentile
Description
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.038%
EPSS Percentile
11th percentile
Description
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.
This affects programs which parse untrusted PEM inputs.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.018%
EPSS Percentile
4th percentile
Description
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method.
This affects programs which validate arbitrary certificate chains.
Affected range
<1.24.9
Fixed version
1.24.9
EPSS Score
0.018%
EPSS Percentile
4th percentile
Description
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate.
This affects programs which validate arbitrary certificate chains.
Affected range
<1.24.12
Fixed version
1.24.12
EPSS Score
0.022%
EPSS Percentile
5th percentile
Description
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
Affected range
<1.24.11
Fixed version
1.24.11
EPSS Score
0.010%
EPSS Percentile
1st percentile
Description
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
Affected range
<1.24.12
Fixed version
1.24.12
EPSS Score
0.024%
EPSS Percentile
6th percentile
Description
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.022%
EPSS Percentile
5th percentile
Description
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.014%
EPSS Percentile
2nd percentile
Description
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.030%
EPSS Percentile
8th percentile
Description
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.032%
EPSS Percentile
9th percentile
Description
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.032%
EPSS Percentile
9th percentile
Description
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
Affected range
<1.24.13
Fixed version
1.24.13
Description
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Affected range
<1.24.8
Fixed version
1.24.8
EPSS Score
0.016%
EPSS Percentile
3rd percentile
Description
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
stdlib1.25.5 (golang)
pkg:golang/stdlib@1.25.5
# mongo-8.dockerfile (124:124) RUN chmod -R g+rwX /opt/bitnami
Affected range
>=1.25.0 <1.25.6
Fixed version
1.25.6
EPSS Score
0.030%
EPSS Percentile
8th percentile
Description
The net/url package does not set a limit on the number of query parameters in a query.
While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
Affected range
>=1.25.0 <1.25.6
Fixed version
1.25.6
EPSS Score
0.022%
EPSS Percentile
5th percentile
Description
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
Affected range
>=1.25.0 <1.25.6
Fixed version
1.25.6
EPSS Score
0.024%
EPSS Percentile
6th percentile
Description
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
Affected range
>=1.25.0-0 <1.25.7
Fixed version
1.25.7
Description
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Affected range
>=0
Fixed version
Not Fixed
CVSS Score
4.7
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.006%
EPSS Percentile
0th percentile
Description
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
Affected range
>=0
Fixed version
Not Fixed
EPSS Score
0.006%
EPSS Percentile
0th percentile
Description
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
Affected range
>=0
Fixed version
Not Fixed
CVSS Score
3.3
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.019%
EPSS Percentile
4th percentile
Description
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
golang.org/x/crypto0.35.0 (golang)
pkg:golang/golang.org/x/crypto@0.35.0
# mongo-8.dockerfile (124:124) RUN chmod -R g+rwX /opt/bitnami
Affected range
<0.43.0
Fixed version
0.43.0
EPSS Score
0.033%
EPSS Percentile
9th percentile
Description
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
Allocation of Resources Without Limits or Throttling
Affected range
<0.45.0
Fixed version
0.45.0
CVSS Score
5.3
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.083%
EPSS Percentile
24th percentile
Description
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
Out-of-bounds Read
Affected range
<0.45.0
Fixed version
0.45.0
CVSS Score
5.3
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.018%
EPSS Percentile
4th percentile
Description
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
Affected range
<3.12.3-1ubuntu0.11
Fixed version
3.12.3-1ubuntu0.11
CVSS Score
5.5
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.019%
EPSS Percentile
4th percentile
Description
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Affected range
<3.12.3-1ubuntu0.11
Fixed version
3.12.3-1ubuntu0.11
CVSS Score
5.3
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.090%
EPSS Percentile
26th percentile
Description
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Affected range
<3.12.3-1ubuntu0.11
Fixed version
3.12.3-1ubuntu0.11
EPSS Score
0.088%
EPSS Percentile
25th percentile
Description
User-controlled header names and values containing newlines can allow injecting HTTP headers.
Affected range
<3.12.3-1ubuntu0.11
Fixed version
3.12.3-1ubuntu0.11
EPSS Score
0.081%
EPSS Percentile
24th percentile
Description
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Affected range
<3.12.3-1ubuntu0.11
Fixed version
3.12.3-1ubuntu0.11
EPSS Score
0.057%
EPSS Percentile
18th percentile
Description
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Affected range
<3.12.3-1ubuntu0.11
Fixed version
3.12.3-1ubuntu0.11
EPSS Score
0.057%
EPSS Percentile
18th percentile
Description
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Affected range
<3.12.3-1ubuntu0.11
Fixed version
3.12.3-1ubuntu0.11
EPSS Score
0.081%
EPSS Percentile
24th percentile
Description
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
Affected range
<3.12.3-1ubuntu0.11
Fixed version
3.12.3-1ubuntu0.11
EPSS Score
0.058%
EPSS Percentile
18th percentile
Description
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.
Affected range
<2.39-0ubuntu8.7
Fixed version
2.39-0ubuntu8.7
EPSS Score
0.015%
EPSS Percentile
2nd percentile
Description
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.
Affected range
<2.39-0ubuntu8.7
Fixed version
2.39-0ubuntu8.7
EPSS Score
0.052%
EPSS Percentile
16th percentile
Description
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Affected range
<3.0.13-0ubuntu3.7
Fixed version
3.0.13-0ubuntu3.7
CVSS Score
7.5
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.059%
EPSS Percentile
19th percentile
Description
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.
Affected range
<3.0.13-0ubuntu3.7
Fixed version
3.0.13-0ubuntu3.7
EPSS Score
0.070%
EPSS Percentile
22nd percentile
Description
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.
Affected range
<3.0.13-0ubuntu3.7
Fixed version
3.0.13-0ubuntu3.7
EPSS Score
0.015%
EPSS Percentile
3rd percentile
Description
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.
Affected range
<3.0.13-0ubuntu3.7
Fixed version
3.0.13-0ubuntu3.7
EPSS Score
0.070%
EPSS Percentile
21st percentile
Description
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.
Affected range
<3.0.13-0ubuntu3.7
Fixed version
3.0.13-0ubuntu3.7
EPSS Score
0.056%
EPSS Percentile
18th percentile
Description
Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.
Affected range
<3.0.13-0ubuntu3.7
Fixed version
3.0.13-0ubuntu3.7
EPSS Score
0.005%
EPSS Percentile
0th percentile
Description
Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated.
Impact summary: The trailing 1-15 bytes of a message may be exposed in cleartext on encryption and are not covered by the authentication tag, allowing an attacker to read or tamper with those bytes without detection.
The low-level OCB encrypt and decrypt routines in the hardware-accelerated stream path process full 16-byte blocks but do not advance the input/output pointers. The subsequent tail-handling code then operates on the original base pointers, effectively reprocessing the beginning of the buffer while leaving the actual trailing bytes unprocessed. The authentication checksum also excludes the true tail bytes.
However, typical OpenSSL consumers using EVP are not affected because the higher-level EVP and provider OCB implementations split inputs so that full blocks and trailing partial blocks are processed in separate calls, avoiding the problematic code path. Additionally, TLS does not use OCB ciphersuites. The vulnerability only affects applications that call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with non-block-aligned lengths in a single call on hardware-accelerated builds. For these reasons the issue was assessed as Low severity.
The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as OCB mode is not a FIPS-approved algorithm.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.
OpenSSL 1.0.2 is not affected by this issue.
Affected range
<3.0.13-0ubuntu3.7
Fixed version
3.0.13-0ubuntu3.7
EPSS Score
0.014%
EPSS Percentile
2nd percentile
Description
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.
golang.org/x/net0.36.0 (golang)
pkg:golang/golang.org/x/net@0.36.0
# mongo-8.dockerfile (124:124) RUN chmod -R g+rwX /opt/bitnami
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g.
Affected range
<0.45.0
Fixed version
0.45.0
Description
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Affected range
<0.45.0
Fixed version
0.45.0
Description
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
In js-yaml 4.1.0, 4.0.0, and 3.14.1 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.
You can protect against this kind of attack on the server by using node --disable-proto=delete or deno (in Deno, pollution protection is on by default).
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (path=\"/\",). Since this site is not secure, the cookie should just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.
Affected range
>=0
Fixed version
Not Fixed
EPSS Score
0.049%
EPSS Percentile
15th percentile
Description
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
Affected range
>=0
Fixed version
Not Fixed
EPSS Score
0.021%
EPSS Percentile
5th percentile
Description
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file.
Affected range
>=0
Fixed version
Not Fixed
EPSS Score
0.036%
EPSS Percentile
10th percentile
Description
When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.
Affected range
>=0
Fixed version
Not Fixed
EPSS Score
0.021%
EPSS Percentile
5th percentile
Description
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
Affected range
>=0
Fixed version
Not Fixed
EPSS Score
0.095%
EPSS Percentile
27th percentile
Description
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
Affected range
>=0
Fixed version
Not Fixed
EPSS Score
0.173%
EPSS Percentile
39th percentile
Description
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
stdlib 
stdlib 
openssl 
golang.org/x/net 
