stdlib 1.24.6 (golang)
pkg:golang/stdlib@1.24.6
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <1.24.13 | | Fixed version | 1.24.13 | | EPSS Score | 0.765% | | EPSS Percentile | 51st percentile |
Description
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

| Affected range | <1.25.11 | | Fixed version | 1.25.11 | | EPSS Score | 0.560% | | EPSS Percentile | 43rd percentile |
Description
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

| Affected range | <1.25.10 | | Fixed version | 1.25.10 | | EPSS Score | 0.798% | | EPSS Percentile | 52nd percentile |
Description
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

| Affected range | <1.25.10 | | Fixed version | 1.25.10 | | EPSS Score | 0.588% | | EPSS Percentile | 44th percentile |
Description
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

| Affected range | <1.25.10 | | Fixed version | 1.25.10 | | EPSS Score | 0.784% | | EPSS Percentile | 52nd percentile |
Description
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

| Affected range | <1.25.10 | | Fixed version | 1.25.10 | | EPSS Score | 0.781% | | EPSS Percentile | 52nd percentile |
Description
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

| Affected range | <1.25.10 | | Fixed version | 1.25.10 | | EPSS Score | 0.813% | | EPSS Percentile | 53rd percentile |
Description
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

| Affected range | <1.25.9 | | Fixed version | 1.25.9 | | EPSS Score | 0.621% | | EPSS Percentile | 45th percentile |
Description
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service.
This only affects TLS 1.3.

| Affected range | <1.25.9 | | Fixed version | 1.25.9 | | EPSS Score | 0.349% | | EPSS Percentile | 27th percentile |
Description
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service.
This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

| Affected range | <1.25.9 | | Fixed version | 1.25.9 | | EPSS Score | 0.615% | | EPSS Percentile | 45th percentile |
Description
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

| Affected range | <1.25.8 | | Fixed version | 1.25.8 | | EPSS Score | 0.728% | | EPSS Percentile | 50th percentile |
Description
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

| Affected range | <1.24.11 | | Fixed version | 1.24.11 | | EPSS Score | 0.459% | | EPSS Percentile | 37th percentile |
Description
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

| Affected range | <1.24.12 | | Fixed version | 1.24.12 | | EPSS Score | 1.945% | | EPSS Percentile | 78th percentile |
Description
The net/url package does not set a limit on the number of query parameters in a query.
While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

| Affected range | <1.24.8 | | Fixed version | 1.24.8 | | EPSS Score | 0.613% | | EPSS Percentile | 45th percentile |
Description
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

| Affected range | <1.24.8 | | Fixed version | 1.24.8 | | EPSS Score | 0.626% | | EPSS Percentile | 46th percentile |
Description
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.
This affects programs which parse untrusted PEM inputs.

| Affected range | <1.24.8 | | Fixed version | 1.24.8 | | EPSS Score | 0.361% | | EPSS Percentile | 28th percentile |
Description
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method.
This affects programs which validate arbitrary certificate chains.

| Affected range | <1.24.9 | | Fixed version | 1.24.9 | | EPSS Score | 0.384% | | EPSS Percentile | 30th percentile |
Description
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate.
This affects programs which validate arbitrary certificate chains.

| Affected range | <1.25.11 | | Fixed version | 1.25.11 | | EPSS Score | 0.904% | | EPSS Percentile | 55th percentile |
Description
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname.
With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.

| Affected range | <1.24.12 | | Fixed version | 1.24.12 | | EPSS Score | 0.643% | | EPSS Percentile | 46th percentile |
Description
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

| Affected range | <1.24.11 | | Fixed version | 1.24.11 | | EPSS Score | 0.274% | | EPSS Percentile | 19th percentile |
Description
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

| Affected range | <1.25.9 | | Fixed version | 1.25.9 | | EPSS Score | 0.292% | | EPSS Percentile | 21st percentile |
Description
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root.
The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.

| Affected range | <1.25.10 | | Fixed version | 1.25.10 | | EPSS Score | 0.371% | | EPSS Percentile | 29th percentile |
Description
If a trusted template author were to write a
</blockquote>
</details>
<a href="https://scout.docker.com/v/CVE-2026-39823?s=golang&n=stdlib&t=golang&vr=%3C1.25.10"><img alt="medium : CVE--2026--39823" src="https://img.shields.io/badge/CVE--2026--39823-lightgrey?label=medium%20&labelColor=fbb552"/></a>
| Affected range | <1.25.10 | | Fixed version | 1.25.10 | | EPSS Score | 0.314% | | EPSS Percentile | 23rd percentile |
Description
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS.

| Affected range | <1.25.9 | | Fixed version | 1.25.9 | | EPSS Score | 0.290% | | EPSS Percentile | 21st percentile |
Description
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied.
These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.

| Affected range | <1.25.8 | | Fixed version | 1.25.8 | | EPSS Score | 0.328% | | EPSS Percentile | 25th percentile |
Description
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh".
A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.

| Affected range | <1.25.9 | | Fixed version | 1.25.9 | | EPSS Score | 0.290% | | EPSS Percentile | 21st percentile |
Description
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

| Affected range | <1.25.11 | | Fixed version | 1.25.11 | | EPSS Score | 0.370% | | EPSS Percentile | 29th percentile |
Description
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged.

| Affected range | <1.25.10 | | Fixed version | 1.25.10 | | EPSS Score | 0.390% | | EPSS Percentile | 31st percentile |
Description
ReverseProxy can forward queries containing parameters not visible to Rewrite functions.
When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function.
For example, the query "a1=x&a2=x&...&a10000=x&hidden=y" can forward the parameter "hidden=y" while hiding it from the proxy's Rewrite function.

| Affected range | <1.24.12 | | Fixed version | 1.24.12 | | EPSS Score | 0.276% | | EPSS Percentile | 19th percentile |
Description
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

| Affected range | <1.24.8 | | Fixed version | 1.24.8 | | EPSS Score | 0.526% | | EPSS Percentile | 41st percentile |
Description
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

| Affected range | <1.24.8 | | Fixed version | 1.24.8 | | EPSS Score | 0.443% | | EPSS Percentile | 36th percentile |
Description
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

| Affected range | <1.24.8 | | Fixed version | 1.24.8 | | EPSS Score | 0.534% | | EPSS Percentile | 41st percentile |
Description
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

| Affected range | <1.24.8 | | Fixed version | 1.24.8 | | EPSS Score | 0.526% | | EPSS Percentile | 41st percentile |
Description
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

| Affected range | <1.24.8 | | Fixed version | 1.24.8 | | EPSS Score | 0.443% | | EPSS Percentile | 36th percentile |
Description
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

| Affected range | <1.24.8 | | Fixed version | 1.24.8 | | EPSS Score | 0.419% | | EPSS Percentile | 34th percentile |
Description
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

| Affected range | <1.25.8 | | Fixed version | 1.25.8 | | EPSS Score | 0.201% | | EPSS Percentile | 10th percentile |
Description
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened.
The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
|
perl 5.40.1-6 (deb)
pkg:deb/debian/perl@5.40.1-6?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.389% | | EPSS Percentile | 31st percentile |
Description
Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.373% | | EPSS Percentile | 29th percentile |
Description
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward() compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration. Extracting a named entry from an attacker supplied zip via IO::Uncompress::Unzip->new($zip, Name => $target) drives a per-byte read loop scaling with the entry's compressed size, up to the non-Zip64 4 GiB cap.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.292% | | EPSS Percentile | 21st percentile |
Description
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through eval STRING. A literal double quote in the output glob closes the dquote wrapper, and the characters that follow are evaluated as Perl. Arbitrary Perl in the output glob executes at the calling process's privilege.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.227% | | EPSS Percentile | 13th percentile |
Description
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one of these inputs, for example a user supplied URL passed to a webhook or URL fetch endpoint, can inject additional headers and smuggle requests to the upstream server.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.127% | | EPSS Percentile | 3rd percentile |
Description
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. _dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header whose date field decodes to an out-of-range month, day, or hour causes timelocal() to die. The exception propagates out of IO::Uncompress::Unzip->new($file) where callers expect undef plus $UnzipError.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.262% | | EPSS Percentile | 18th percentile |
Description
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decode_ux() in bin/zipdetails handles an Info-ZIP Unix Extra Field (tag 0x7875) with UID Size or GID Size set to 8, causing zipdetails to decode an 8-byte UID or GID value, it dispatches through decodeLitteEndian(), which calls a misnamed helper unpackValueQ. The actual function defined in the same file is unpackValue_Q (with underscore); the call raises 'Undefined subroutine &main::unpackValueQ' and the script exits with status 255. Library callers of IO::Compress and IO::Uncompress are not affected; the defect is in the bundled CLI tool.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.520% | | EPSS Percentile | 40th percentile |
Description
_is_safe in the File::Temp module for Perl does not properly handle symlinks.

| Affected range | >0 | | Fixed version | Not Fixed |
Description
|
gnutls28 3.8.9-3+deb13u2 (deb)
pkg:deb/debian/gnutls28@3.8.9-3%2Bdeb13u2?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.727% | | EPSS Percentile | 50th percentile |
Description
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.423% | | EPSS Percentile | 34th percentile |
Description
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 1.335% | | EPSS Percentile | 68th percentile |
Description
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 1.263% | | EPSS Percentile | 66th percentile |
Description
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.805% | | EPSS Percentile | 52nd percentile |
Description
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.475% | | EPSS Percentile | 38th percentile |
Description
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.354% | | EPSS Percentile | 27th percentile |
Description
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 1.050% | | EPSS Percentile | 60th percentile |
Description
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.150% | | EPSS Percentile | 5th percentile |
Description
A flaw was found in GnuTLS. The gnutls_pkcs11_token_set_pin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.566% | | EPSS Percentile | 43rd percentile |
Description
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.727% | | EPSS Percentile | 50th percentile |
Description
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.379% | | EPSS Percentile | 30th percentile |
Description
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.

| Affected range | <3.8.9-3+deb13u4 | | Fixed version | 3.8.9-3+deb13u4 | | EPSS Score | 0.720% | | EPSS Percentile | 49th percentile |
Description
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 73.327% | | EPSS Percentile | 99th percentile |
Description
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
|
openssl 3.5.5-1~deb13u2 (deb)
pkg:deb/debian/openssl@3.5.5-1~deb13u2?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 2.719% | | EPSS Percentile | 84th percentile |
Description
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.358% | | EPSS Percentile | 28th percentile |
Description
Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination size for Unicode output is computed in a signed int: by left shift of the input character count for BMPSTRING (UTF-16) and UNIVERSALSTRING (UTF-32), and by summing per-character byte counts for UTF8STRING. The calculation overflows when the input reaches around 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30 characters) the size wraps to zero, OPENSSL_malloc(1) is called, and the subsequent character copy writes several gigabytes past the one-byte allocation. X.509 certificate processing routes through ASN1_STRING_set_by_NID(), whose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID size limits cap the input length; no network protocol or certificate-handling path in OpenSSL exercises the overflow. Triggering the bug requires an application that calls ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers a custom string type via ASN1_STRING_TABLE_add(), with attacker-controlled input on the order of half a gigabyte or more. For these reasons this issue was assigned Low severity. The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.297% | | EPSS Percentile | 21st percentile |
Description
Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key(). Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not revealed to the attacker. The key unwrapping function performs a check-byte test as specified in the RFC that reads 7 bytes from a heap allocation that is based on the wrapped key length from the message. There is a minimum length check based on the block length of the wrapping cipher. However the cipher is selected from an OID carried in the attacker's PWRI keyEncryptionAlgorithm with no requirement that the cipher be a block cipher. When an attacker selects a stream-mode cipher the guard will be ineffective and the allocated buffer containing the unwrapped key can be too small to fit the check-bytes specified in the RFC and a buffer over-read can happen. Applications calling CMS_decrypt() or CMS_decrypt_set1_password() (equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS data are vulnerable to this issue. No password knowledge is required: the over-read happens during the unwrap attempt before any authentication succeeds. The over-read is limited to a few bytes and is not written to output, so there is no information disclosure. Triggering a crash requires the allocation to border unmapped memory, which is unlikely with the normal allocator. The FIPS modules are not affected by this issue.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.513% | | EPSS Percentile | 40th percentile |
Description
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application (Denial of Service) or to load into the decoded ASN.1 object contents of memory beyond the end of the input buffer. More typically such ASN.1 elements would instead be truncated. An integer truncation in OpenSSL's ASN.1 decoder causes the content length of an ASN.1 primitive element to be mishandled when it exceeds 2 gigabytes. In the worst case the truncated length is treated as a request to scan the binary content for a terminating zero byte, possibly causing OpenSSL to read either less than or beyond the end of the allocated buffer. Applications that pass attacker-supplied data to d2i_X509(), d2i_PKCS7(), or any other d2i_* decoding function are affected. OpenSSL's own command-line tools are not vulnerable, as data read through the BIO layer is checked before it reaches the affected code. The issue only affects 64-bit Unix and Unix-like platforms; 32-bit platforms and 64-bit Windows are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.595% | | EPSS Percentile | 44th percentile |
Description
Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined as OPTIONAL in the ASN.1 specification and may therefore be absent in specially crafted inputs. During the password-based CMS decryption the OpenSSL CMS implementation dereferences this field without first checking whether it was present. An attacker who supplies such a CMS message to an application performing password-based CMS decryption can trigger an application crash, leading to a Denial of Service. Applications that process password-encrypted CMS messages may be affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.210% | | EPSS Percentile | 11th percentile |
Description
Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's application using these ciphers. AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant AEAD modes: they accept a key, nonce, optional AAD (bytes that are authenticated but not encrypted), and plaintext, and produces ciphertext plus a 16-byte tag. On decrypt, EVP_DecryptFinal_ex() is documented to return success only if the tag is verified succesfully. In OpenSSL's provider implementation of these ciphers, the expected tag is computed only when decryption function is invoked with non-empty data. If the caller supplies AAD and then calls EVP_DecryptFinal_ex() without invocation of the ciphertext update, which can happen when the received ciphertext length is zero, the tag is never recalculated and still holds its all-zeros value. When AES-GCM-SIV is used, an attacker who sends arbitrary AAD, empty ciphertext, and all-zeros tag passes authentication under any key they do not know, single-shot. When AES-SIV is used, for mounting the attack it's necessary for the application to reuse the decryption context without resetting the key. AES-SIV is implemented since OpenSSL 3.0. AES-GCM-SIV is implemented since OpenSSL 3.2. No protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) support either AES-GCM-SIV or AES-SIV. To mount an attack, the applications must implement their own protocol and use the EVP interface. Also they must skip the ciphertext update when a message with an empty ciphertext arrives. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as these algorithms are not FIPS approved and the affected code is outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.320% | | EPSS Percentile | 24th percentile |
Description
Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV supplied by the caller, resulting in (key, nonce) reuse and loss of confidentiality. If the same code path is used to compute the authentication tag, the tag depends only on the (key, IV) pair and not on the plaintext or ciphertext, allowing universal forgery of arbitrary ciphertext from a single captured message. OpenSSL provides two ways to drive a cipher: the documented streaming interface (EVP_CipherUpdate / EVP_CipherFinal_ex) and a lower-level one-shot, EVP_Cipher(), whose documentation explicitly recommends against use by applications in favour of EVP_CipherUpdate() and EVP_CipherFinal_ex(). The OCB provider's streaming handler flushes the application-supplied IV into the OCB context before processing data; the one-shot handler did not. Every call to EVP_Cipher() on an AES-OCB context therefore ran with the all-zero key-derived offset state left by cipher initialisation, regardless of the caller's IV. If EVP_EncryptFinal_ex() is subsequently used to obtain the authentication tag, the deferred IV setup runs at that point and clears the running checksum that should have been accumulated over the plaintext. The resulting tag is a function of (key, IV) only and verifies against any ciphertext produced under the same (key, IV) pair. The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a TLS cipher suite, and libssl does not call EVP_Cipher() in any case. Applications that drive AES-OCB through the documented streaming AEAD API (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected. Only applications that combine the AES-OCB cipher with the EVP_Cipher() one-shot API are vulnerable. The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as AES-OCB is outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.259% | | EPSS Percentile | 17th percentile |
Description
Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r (a small prime factor of the cofactor (p−1)/q_local), and a public value Y of order r can recover the victim's private key after a small number of key exchange attempts. When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the subgroup membership check Y^q ≡ 1 (mod p) is performed using the peer's own q parameter, not the local key's q. The peer's domain parameters are then matched against the domain parameters of the private key, but the value of q is not compared. A malicious peer who presents an X9.42 key carrying the victim's p, g, a forged q = r (a small prime factor of the cofactor), and a public value Y of order r passes all checks. The shared secret then takes only r distinct values, leaking priv mod r. Repeating for each small-prime factor of the cofactor and combining via CRT recovers the full private key (Lim–Lee / small-subgroup-confinement attack). The realistic attack surface is narrow: principally CMP deployments with long-lived RA/CA DHX keys and bespoke enterprise or government applications using X9.42 DHX static keys with interactive protocols and therefore this issue was assigned Low severity. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by this issue.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.262% | | EPSS Percentile | 18th percentile |
Description
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to the root Certification Authority (root CA) level. Impact Summary: The Registration Autority could replace the root CA certificate for the CMP clients with an arbitrary root CA certificate. One of the parts of the Certificate Management Protocol (CMP), specified in RFC 9810, is Root Certification Authority (root CA) key Rollover, which is sent by the server in a message with type 'id-it-rootCaKeyUpdate'. As part of these messages, 'newWithOld' certificate, the new root CA certificate signed with the old root CA key, is provided, and verifying its signature is crucial for transferring the trust from the old CA key to the new one. The 'id-it-rootCaKeyUpdate' messages are expected to be processed with OSSL_CMP_get1_rootCaKeyUpdate(), that is expected to verify the 'newWithOld' certificate. A typo in the certificate chain building code led to adding an incorrect certificate ('newWithOld' instead of 'oldRoot') to the certificate chain, rendering the certificate verification process ineffectual (only the issuer name and the algorithm OIDs were verified by other parts of the verification code). An attacker who already has credentials that satisfy the CMP message protection checks can generate a new key pair and use a crafted self-signed certificate in its 'id-it-rootCaKeyUpdate' CMP messages which affected CMP clients would accept as a new trust anchor. Significant preconditions for the attack (having valid RA-level credentials) are the reason the issue was assigned Low severity. The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.350% | | EPSS Percentile | 27th percentile |
Description
Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the victim's vulnerable application as a way to decrypt or sign messages with the victim's private RSA key. The attack is possible in 2 variants. 1. The decryption API (CMS_decrypt(), PKCS7_decrypt()) is used without providing the recipient certificate. In this case OpenSSL iterates over every KeyTransRecipientInfo (KTRI) without stopping at the first success. An attacker who authors a message with two KTRI entries — the first one wrapping a real CEK under the victim's public key, the second with an arbitrary probe ciphertext — obtains opportunity to iterate the 2nd KTRI to get a valid PKCS#1 v1.5 padding if the error code of the application is available. That is a Bleichenbacher oracle (Bleichenbacher, CRYPTO '98): an adaptive-chosen-ciphertext side channel from which the attacker decrypts any RSA ciphertext to the victim's key or forges any PKCS#1 v1.5 signature under it. 2. When the decryption API (CMS_decrypt(), PKCS7_decrypt()) is provided with the recipient certificate, and the recipient is not found, a random key is substituted. An attacker who authors a message and is able to compare both error code and the result of the decryption, can mount a Bleichenbacher oracle. We are not aware of any applications that provide a remote attacker an opportunity to mount an attack described in these scenarios. We consider the existence of such application very unlikely, and for this reason this CVE has been evaluated as Low severity. To avoid these attacks, when RSA PKCS#1 v1.5 Key Transport is in use, the invoked EVP_PKEY_decrypt() will use the implicit rejection mechanism described in draft-irtf-cfrg-rsa-guidance. In previous OpenSSL releases the implicit rejection was explicitly disabled. The implicit rejection mechanism always returns a plaintext value, the symmetric key. This result is deterministic for the ciphertext and the private key. The length of the decryption result can happen to match the length of the key of the symmetric cipher that was used for the content encryption. When a certificate is not provided, the last RecipientInfo producing a key that looks valid will be used. It may cause getting garbage content on decryption. As a proper way to deal with this a recipient certificate has to be provided to identify the particular RecipientInfo for decryption. The FIPS modules in 4.0, 3.6, 3.5, and 3.4 are not affected by this issue, as CMS and S/MIME processing happens outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.349% | | EPSS Percentile | 27th percentile |
Description
Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server (or acting as a man-in-the-middle) could craft a CMP response containing a CRMF (Certificate Request Message Format) CertRepMessage with an EncryptedValue structure where the symmAlg field has an algorithm OID but no parameters field. When the OpenSSL CMP client processes this response, the NULL dereference occurs, causing a crash of the CMP client. Applications that process untrusted CMP/CRMF messages may be affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.684% | | EPSS Percentile | 48th percentile |
Description
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial of Service. If the address validation is disabled in the OpenSSL QUIC server implementation, an attacker can crash the server by sending an initial packet with an invalid or expired token. By default, the client address validation is enabled in the OpenSSL QUIC server implementation, which makes the default configuration not vulnerable to this issue. However if the SSL_LISTENER_FLAG_NO_VALIDATE is used with the SSL_new_listener() call, the address validation is disabled making the vulnerable code reachable. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.511% | | EPSS Percentile | 40th percentile |
Description
Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QUIC client or server and a Denial of Service. A remote peer may exhaust heap memory by flooding the local QUIC stack with PATH_CHALLENGE frames. The local QUIC stack allocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives. The allocated PATH_RESPONSE frame gets freed only when the remote peer acknowledges reception of the PATH_RESPONSE frame which will not be done by a malicious peer. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue. The QUIC stack is outside of OpenSSL FIPS module boundary.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.237% | | EPSS Percentile | 15th percentile |
Description
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve key-equivalent functionality for a given CMS recipient and/or bypass integrity validation for a given message. In one use case, an attacker may send a CMS message containing AuthEnvelopedData with the cipher specified as a non-AEAD cipher. OpenSSL erroneously allows this selection, and attempts to decrypt and validate the message. An on-path attacker who captures one legitimate AES-GCM AuthEnvelopedData addressed to the victim can re-emit it with the recipientInfos set left byte-for-byte intact, so the victim's private key still unwraps the genuine CEK (the content-encryption key), but with the inner OID rewritten to AES-256-OFB (Output Feedback Mode, an unauthenticated keystream mode) and with an attacker-chosen IV and ciphertext. The victim initializes AES-256-OFB under the real CEK, never consults the MAC field, and CMS_decrypt() returns success. If the application under attack responds to the attacker with any indicator showing success or failure of the decryption effort, it is possible for the attacker to use this as an oracle to obtain key equivalent functionality for the CEK used for the chosen recipient of the message. In another use case, an attacker can reduce the tag length of the chosen AEAD cipher for a given AuthEnvelopedData container to be a single byte long, allowing an attacker to brute force CMS decryption, producing an integrity bypass for applications that trust CMS_decrypt() to reject modified content. The FIPS modules are not affected by this issue.

| Affected range | <3.5.6-1~deb13u2 | | Fixed version | 3.5.6-1~deb13u2 | | EPSS Score | 0.196% | | EPSS Percentile | 9th percentile |
Description
Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service reading PKCS#12 files to accept forged certificates and private keys with a 1 in 256 probability. If a service accepting PKCS#12 files is using passwords for authenticating the received files, the attacker can create unencrypted PKCS#12 files that use PBMAC1 authentication that specifies an HMAC key of only one byte, allowing them to craft a file that will be accepted with a 1 in 256 probability. That would then cause the service to accept a certificate and private key controlled by the attacker. The FIPS modules are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

| Affected range | >=3.2.1-3 | | Fixed version | Not Fixed | | EPSS Score | 0.515% | | EPSS Percentile | 40th percentile |
Description
|
glibc 2.41-12+deb13u2 (deb)
pkg:deb/debian/glibc@2.41-12%2Bdeb13u2?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <2.41-12+deb13u3 | | Fixed version | 2.41-12+deb13u3 | | EPSS Score | 0.357% | | EPSS Percentile | 28th percentile |
Description
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.

| Affected range | <2.41-12+deb13u3 | | Fixed version | 2.41-12+deb13u3 | | EPSS Score | 0.189% | | EPSS Percentile | 9th percentile |
Description
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

| Affected range | <2.41-12+deb13u3 | | Fixed version | 2.41-12+deb13u3 | | EPSS Score | 0.292% | | EPSS Percentile | 21st percentile |
Description
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 2.447% | | EPSS Percentile | 82nd percentile |
Description
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 2.286% | | EPSS Percentile | 81st percentile |
Description
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 3.220% | | EPSS Percentile | 87th percentile |
Description
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 3.069% | | EPSS Percentile | 86th percentile |
Description
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 3.249% | | EPSS Percentile | 87th percentile |
Description
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 5.804% | | EPSS Percentile | 92nd percentile |
Description
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 2.633% | | EPSS Percentile | 84th percentile |
Description
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
- glibc (unimportant)
- eglibc (unimportant)
That's standard POSIX behaviour implemented by (e)glibc. Applications using
glob need to impose limits for themselves
|
systemd 257.9-1~deb13u1 (deb)
pkg:deb/debian/systemd@257.9-1~deb13u1?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <257.13-1~deb13u1 | | Fixed version | 257.13-1~deb13u1 | | EPSS Score | 0.142% | | EPSS Percentile | 4th percentile |
Description
A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

| Affected range | <257.13-1~deb13u1 | | Fixed version | 257.13-1~deb13u1 | | EPSS Score | 0.072% | | EPSS Percentile | 0th percentile |
Description
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

| Affected range | <257.13-1~deb13u1 | | Fixed version | 257.13-1~deb13u1 | | EPSS Score | 0.144% | | EPSS Percentile | 4th percentile |
Description
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

| Affected range | <257.13-1~deb13u1 | | Fixed version | 257.13-1~deb13u1 | | EPSS Score | 0.121% | | EPSS Percentile | 2nd percentile |
Description
systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.352% | | EPSS Percentile | 27th percentile |
Description
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.328% | | EPSS Percentile | 25th percentile |
Description
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.344% | | EPSS Percentile | 26th percentile |
Description
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.472% | | EPSS Percentile | 37th percentile |
Description
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
|
krb5 1.21.3-5 (deb)
pkg:deb/debian/krb5@1.21.3-5?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <1.21.3-5+deb13u1 | | Fixed version | 1.21.3-5+deb13u1 | | EPSS Score | 0.460% | | EPSS Percentile | 37th percentile |
Description
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.

| Affected range | <1.21.3-5+deb13u1 | | Fixed version | 1.21.3-5+deb13u1 | | EPSS Score | 0.461% | | EPSS Percentile | 37th percentile |
Description
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.261% | | EPSS Percentile | 17th percentile |
Description
An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read. The attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 1.128% | | EPSS Percentile | 62nd percentile |
Description
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.815% | | EPSS Percentile | 53rd percentile |
Description
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 2.067% | | EPSS Percentile | 79th percentile |
Description
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
|
tar 1.35+dfsg-3.1 (deb)
pkg:deb/debian/tar@1.35%2Bdfsg-3.1?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >=1.35+dfsg-3.1 | | Fixed version | Not Fixed | | EPSS Score | 0.433% | | EPSS Percentile | 35th percentile |
Description
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).
Disputed tar issue, works as documented per upstream:
https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html
https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 3.992% | | EPSS Percentile | 89th percentile |
Description
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
This is intended behaviour, after all tar is an archiving tool and you
need to give -p as a command line flag
|
libcap2 1:2.75-10+b8 (deb)
pkg:deb/debian/libcap2@1%3A2.75-10%2Bb8?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <1:2.75-10+deb13u1 | | Fixed version | 1:2.75-10+deb13u1 | | EPSS Score | 0.188% | | EPSS Percentile | 9th percentile |
Description
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
|
openldap 2.6.10+dfsg-1 (deb)
pkg:deb/debian/openldap@2.6.10%2Bdfsg-1?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.127% | | EPSS Percentile | 3rd percentile |
Description
OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 2.417% | | EPSS Percentile | 82nd percentile |
Description
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 7.022% | | EPSS Percentile | 93rd percentile |
Description
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.349% | | EPSS Percentile | 27th percentile |
Description
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 5.333% | | EPSS Percentile | 92nd percentile |
Description
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
- openldap (unimportant)
Debian builds with GNUTLS, not NSS
|
util-linux 2.41-5 (deb)
pkg:deb/debian/util-linux@2.41-5?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed |
Description

| Affected range | >0 | | Fixed version | Not Fixed |
Description

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.179% | | EPSS Percentile | 8th percentile |
Description
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.430% | | EPSS Percentile | 35th percentile |
Description
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

| Affected range | >0 | | Fixed version | Not Fixed |
Description

| Affected range | >0 | | Fixed version | Not Fixed |
Description

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.131% | | EPSS Percentile | 3rd percentile |
Description
A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be reallocated, this pointer becomes stale, leading to a heap use-after-free read. An attacker who can present a crafted block device image (for example, via USB insertion or a loop-mounted disk image) can trigger this flaw without user interaction, as libblkid is invoked automatically by udev/udisks as root on block-device hot-plug events. This could lead to limited information disclosure or denial of service.
|
libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 (deb)
pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.194% | | EPSS Percentile | 9th percentile |
Description
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.148% | | EPSS Percentile | 4th percentile |
Description
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow internal buffers (command, arg, and argv) during input parsing. This results in memory corruption within the stack frame. Successful exploitation may cause a crash or potentially allow arbitrary code execution in the context of the xmlcatalog process. This issue has been fixed in the commit c2e233fc. NOTE: The maintainers of this project did not agree that this issue is a vulnerability and considered it a bug.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.143% | | EPSS Percentile | 4th percentile |
Description
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."

| Affected range | >=2.12.7+dfsg+really2.9.14-2.1+deb13u2 | | Fixed version | Not Fixed | | EPSS Score | 0.068% | | EPSS Percentile | 17th percentile |
Description
A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.
REJECTED

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.289% | | EPSS Percentile | 21st percentile |
Description
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.
|
libgcrypt20 1.11.0-7 (deb)
pkg:deb/debian/libgcrypt20@1.11.0-7?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <1.11.0-7+deb13u1 | | Fixed version | 1.11.0-7+deb13u1 | | EPSS Score | 0.180% | | EPSS Percentile | 8th percentile |
Description
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 1.114% | | EPSS Percentile | 62nd percentile |
Description
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 1.811% | | EPSS Percentile | 76th percentile |
Description
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
|
coreutils 9.7-3 (deb)
pkg:deb/debian/coreutils@9.7-3?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.223% | | EPSS Percentile | 13th percentile |
Description
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.348% | | EPSS Percentile | 27th percentile |
Description
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
|
llvm-toolchain-19 1:19.1.7-3 (deb)
pkg:deb/debian/llvm-toolchain-19@1%3A19.1.7-3?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.124% | | EPSS Percentile | 2nd percentile |
Description
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.124% | | EPSS Percentile | 2nd percentile |
Description
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
|
sqlite3 3.46.1-7+deb13u1 (deb)
pkg:deb/debian/sqlite3@3.46.1-7%2Bdeb13u1?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.301% | | EPSS Percentile | 22nd percentile |
Description
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 1.614% | | EPSS Percentile | 73rd percentile |
Description
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
|
golang.org/x/sys 0.1.0 (golang)
pkg:golang/golang.org/x/sys@0.1.0
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <0.44.0 | | Fixed version | 0.44.0 | | EPSS Score | 0.114% | | EPSS Percentile | 2nd percentile |
Description
NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.
|
sed 4.9-2 (deb)
pkg:deb/debian/sed@4.9-2?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | <4.9-2+deb13u1 | | Fixed version | 4.9-2+deb13u1 | | EPSS Score | 0.142% | | EPSS Percentile | 4th percentile |
Description
When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original symlink path (not the resolved one) to read the file. Between these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process. This issue was fixed in version 4.10.
|
apt 3.0.3 (deb)
pkg:deb/debian/apt@3.0.3?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 1.191% | | EPSS Percentile | 64th percentile |
Description
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
|
gnupg2 2.4.7-21+deb13u1 (deb)
pkg:deb/debian/gnupg2@2.4.7-21%2Bdeb13u1?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.293% | | EPSS Percentile | 21st percentile |
Description
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
|
libxslt 1.1.35-1.2+deb13u2 (deb)
pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u2?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 2.122% | | EPSS Percentile | 80th percentile |
Description
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
|
shadow 1:4.17.4-2 (deb)
pkg:deb/debian/shadow@1%3A4.17.4-2?os_distro=trixie&os_name=debian&os_version=13
# postgresql-release.dockerfile (5:5)
FROM postgres:18.3

| Affected range | >0 | | Fixed version | Not Fixed | | EPSS Score | 0.942% | | EPSS Percentile | 57th percentile |
Description
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
- shadow (unimportant)
See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so
unknown usernames are not recorded on login failures
|