rpm package
almalinux/buildah
pkg:rpm/almalinux/buildah
Vulnerabilities (106)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-39830 | Cri | 9.1 | < 2:1.43.1-2.el9_8 | 2:1.43.1-2.el9_8 | May 22, 2026 | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now | |
| CVE-2026-39829 | Hig | 7.5 | < 2:1.43.1-2.el9_8 | 2:1.43.1-2.el9_8 | May 22, 2026 | The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clien | |
| CVE-2026-32283 | Hig | 7.5 | < 2:1.43.1-2.el10_2 | 2:1.43.1-2.el10_2 | Apr 8, 2026 | If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3. | |
| CVE-2026-32281 | Hig | 7.5 | < 2:1.43.1-2.el10_2 | 2:1.43.1-2.el10_2 | Apr 8, 2026 | Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root C | |
| CVE-2026-32280 | Hig | 7.5 | < 2:1.43.1-2.el10_2 | 2:1.43.1-2.el10_2 | Apr 8, 2026 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls | |
| CVE-2026-34986 | Hig | 7.5 | < 2:1.41.8-3.el9_7 | 2:1.41.8-3.el9_7 | Apr 6, 2026 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW | |
| CVE-2026-25679 | Hig | 7.5 | < 2:1.43.1-1.el10_2 | 2:1.43.1-1.el10_2 | Mar 6, 2026 | url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. | |
| CVE-2025-68121 | Cri | 10.0 | < 2:1.41.8-2.el10_1 | 2:1.41.8-2.el10_1 | Feb 5, 2026 | During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and | |
| CVE-2025-61728 | — | < 2:1.33.14-3.module_el8.10.0+4136+16425343 | 2:1.33.14-3.module_el8.10.0+4136+16425343 | Jan 28, 2026 | archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive. | ||
| CVE-2025-61726 | — | < 2:1.41.8-2.el10_1 | 2:1.41.8-2.el10_1 | Jan 28, 2026 | The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a la | ||
| CVE-2025-65637 | Hig | 7.5 | < 2:1.33.14-2.module_el8.10.0+4120+03ad4b47 | 2:1.33.14-2.module_el8.10.0+4120+03ad4b47 | Dec 4, 2025 | A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is | |
| CVE-2025-61729 | Hig | 7.5 | < 2:1.41.8-2.el10_1 | 2:1.41.8-2.el10_1 | Dec 2, 2025 | Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a | |
| CVE-2025-47913 | Hig | 7.5 | < 2:1.41.8-1.el10_1 | 2:1.41.8-1.el10_1 | Nov 13, 2025 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. | |
| CVE-2025-52881 | Hig | 7.5 | < 2:1.33.12-2.module_el8.10.0+4023+db236c53 | 2:1.33.12-2.module_el8.10.0+4023+db236c53 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have | |
| CVE-2025-52565 | Hig | 7.5 | < 2:1.33.12-2.module_el8.10.0+4023+db236c53 | 2:1.33.12-2.module_el8.10.0+4023+db236c53 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta | |
| CVE-2025-31133 | Hig | 7.8 | < 2:1.33.12-2.module_el8.10.0+4023+db236c53 | 2:1.33.12-2.module_el8.10.0+4023+db236c53 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container | |
| CVE-2025-58183 | Med | 4.3 | < 2:1.41.6-1.el9_7 | 2:1.41.6-1.el9_7 | Oct 29, 2025 | tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r | |
| CVE-2025-9566 | Hig | 8.1 | < 2:1.33.12-2.module_el8.10.0+4023+db236c53 | 2:1.33.12-2.module_el8.10.0+4023+db236c53 | Sep 5, 2025 | There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only | |
| CVE-2025-6032 | Hig | 8.3 | < 2:1.33.12-2.module_el8.10.0+4023+db236c53 | 2:1.33.12-2.module_el8.10.0+4023+db236c53 | Jun 24, 2025 | A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. | |
| CVE-2025-22871 | Cri | 9.1 | < 2:1.33.12-2.module_el8.10.0+4016+efd18bf8 | 2:1.33.12-2.module_el8.10.0+4016+efd18bf8 | Apr 8, 2025 | The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. |
- affected < 2:1.43.1-2.el9_8fixed 2:1.43.1-2.el9_8
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now
- affected < 2:1.43.1-2.el9_8fixed 2:1.43.1-2.el9_8
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clien
- affected < 2:1.43.1-2.el10_2fixed 2:1.43.1-2.el10_2
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
- affected < 2:1.43.1-2.el10_2fixed 2:1.43.1-2.el10_2
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root C
- affected < 2:1.43.1-2.el10_2fixed 2:1.43.1-2.el10_2
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls
- affected < 2:1.41.8-3.el9_7fixed 2:1.41.8-3.el9_7
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW
- affected < 2:1.43.1-1.el10_2fixed 2:1.43.1-1.el10_2
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
- affected < 2:1.41.8-2.el10_1fixed 2:1.41.8-2.el10_1
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and
- CVE-2025-61728Jan 28, 2026affected < 2:1.33.14-3.module_el8.10.0+4136+16425343fixed 2:1.33.14-3.module_el8.10.0+4136+16425343
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
- CVE-2025-61726Jan 28, 2026affected < 2:1.41.8-2.el10_1fixed 2:1.41.8-2.el10_1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a la
- affected < 2:1.33.14-2.module_el8.10.0+4120+03ad4b47fixed 2:1.33.14-2.module_el8.10.0+4120+03ad4b47
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is
- affected < 2:1.41.8-2.el10_1fixed 2:1.41.8-2.el10_1
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a
- affected < 2:1.41.8-1.el10_1fixed 2:1.41.8-1.el10_1
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
- affected < 2:1.33.12-2.module_el8.10.0+4023+db236c53fixed 2:1.33.12-2.module_el8.10.0+4023+db236c53
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have
- affected < 2:1.33.12-2.module_el8.10.0+4023+db236c53fixed 2:1.33.12-2.module_el8.10.0+4023+db236c53
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta
- affected < 2:1.33.12-2.module_el8.10.0+4023+db236c53fixed 2:1.33.12-2.module_el8.10.0+4023+db236c53
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container
- affected < 2:1.41.6-1.el9_7fixed 2:1.41.6-1.el9_7
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r
- affected < 2:1.33.12-2.module_el8.10.0+4023+db236c53fixed 2:1.33.12-2.module_el8.10.0+4023+db236c53
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only
- affected < 2:1.33.12-2.module_el8.10.0+4023+db236c53fixed 2:1.33.12-2.module_el8.10.0+4023+db236c53
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
- affected < 2:1.33.12-2.module_el8.10.0+4016+efd18bf8fixed 2:1.33.12-2.module_el8.10.0+4016+efd18bf8
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Page 1 of 6