VYPR

apk package

chainguard/descheduler-fips

pkg:apk/chainguard/descheduler-fips

Vulnerabilities (45)

  • CVE-2025-22874HigJun 11, 2025
    affected < 0.33.0-r1fixed 0.33.0-r1

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

  • CVE-2025-22872MedApr 16, 2025
    affected < 0.32.2-r35fixed 0.32.2-r35

    The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul

  • CVE-2025-22870MedMar 12, 2025
    affected < 0.32.2-r33fixed 0.32.2-r33

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

  • CVE-2025-22868Feb 26, 2025
    affected < 0.32.2-r32fixed 0.32.2-r32

    An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

  • CVE-2025-22869Feb 26, 2025
    affected < 0.32.2-r31fixed 0.32.2-r31

    SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Page 3 of 3