VYPR

rpm package

almalinux/image-builder

pkg:rpm/almalinux/image-builder

Vulnerabilities (5)

  • CVE-2026-25679HigMar 6, 2026
    affected < 31-5.el10_1fixed 31-5.el10_1

    url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

  • CVE-2025-68121CriFeb 5, 2026
    affected < 31-3.el9_7fixed 31-3.el9_7

    During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and

  • CVE-2025-61726Jan 28, 2026
    affected < 31-3.el9_7fixed 31-3.el9_7

    The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a la

  • CVE-2025-61729Dec 2, 2025
    affected < 31-3.el9_7fixed 31-3.el9_7

    Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a

  • CVE-2025-58183MedOct 29, 2025
    affected < 31-2.el9_7fixed 31-2.el9_7

    tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r