apk package
chainguard/net-kourier-fips-1.16
pkg:apk/chainguard/net-kourier-fips-1.16
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-58187 | — | < 1.16.0-r4 | 1.16.0-r4 | Oct 29, 2025 | Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. | ||
| CVE-2025-22872 | Med | 6.5 | < 1.16.0-r3 | 1.16.0-r3 | Apr 16, 2025 | The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul | |
| CVE-2025-22870 | Med | 4.4 | < 1.16.0-r3 | 1.16.0-r3 | Mar 12, 2025 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. | |
| CVE-2025-22868 | — | < 1.16.0-r1 | 1.16.0-r1 | Feb 26, 2025 | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | ||
| CVE-2024-45338 | Med | 5.3 | < 1.16.0-r3 | 1.16.0-r3 | Dec 18, 2024 | An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. |
- CVE-2025-58187Oct 29, 2025affected < 1.16.0-r4fixed 1.16.0-r4
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
- affected < 1.16.0-r3fixed 1.16.0-r3
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul
- affected < 1.16.0-r3fixed 1.16.0-r3
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
- CVE-2025-22868Feb 26, 2025affected < 1.16.0-r1fixed 1.16.0-r1
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
- affected < 1.16.0-r3fixed 1.16.0-r3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Page 2 of 2