VYPR

apk package

chainguard/rancher-webhook-fips-0.6

pkg:apk/chainguard/rancher-webhook-fips-0.6

Vulnerabilities (52)

  • CVE-2025-58183MedOct 29, 2025
    affected < 0.6.11-r1fixed 0.6.11-r1

    tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r

  • CVE-2025-61724Oct 29, 2025
    affected < 0.6.11-r1fixed 0.6.11-r1

    The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

  • CVE-2025-58188Oct 29, 2025
    affected < 0.6.11-r1fixed 0.6.11-r1

    Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.

  • CVE-2025-58185Oct 29, 2025
    affected < 0.6.11-r1fixed 0.6.11-r1

    Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

  • CVE-2025-47912Oct 29, 2025
    affected < 0.6.11-r1fixed 0.6.11-r1

    The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresse

  • CVE-2025-61723Oct 29, 2025
    affected < 0.6.11-r1fixed 0.6.11-r1

    The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

  • CVE-2025-58189Oct 29, 2025
    affected < 0.6.11-r1fixed 0.6.11-r1

    When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

  • CVE-2025-58187Oct 29, 2025
    affected < 0.6.11-r1fixed 0.6.11-r1

    Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

  • CVE-2025-5187MedAug 27, 2025
    affected < 0.6.10-r1fixed 0.6.10-r1

    A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is su

  • CVE-2025-47907Aug 7, 2025
    affected < 0.6.9-r1fixed 0.6.9-r1

    Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex

  • CVE-2024-9042MedMar 13, 2025
    affected < 0fixed 0

    This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.

  • CVE-2025-0426MedFeb 13, 2025
    affected < 0fixed 0

    A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.

Page 3 of 3