SB2025112761 - Multiple vulnerabilities in Red Hat Quay




Published: November 27, 2025

Security Bulletin ID: SB2025112761
Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 20%, Medium: 80%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2024-34156)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because encoding/gob does not properly control consumption of internal resources when calling Decoder.Decode. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Note, this vulnerability is related to #VU66068 (CVE-2024-34156).


2) Improper authorization (CVE-ID: CVE-2024-45337)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to improper authorization caused by improper usage of the ServerConfig.PublicKeyCallback callback. A remote attacker can bypass authorization in certain cases and gain access to the application.


3) Resource exhaustion (CVE-ID: CVE-2024-45338)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources in several Parse functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


4) Incorrect authorization (CVE-ID: CVE-2025-59420)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because Authlib's JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 "must-understand" semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed-language fleets, this enables split-brain verification and can lead to policy bypass, replay, or privilege escalation.


5) Resource exhaustion (CVE-ID: CVE-2025-61920)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way Authlib's JOSE implementation handles untrusted input. A remote non-authenticated attacker can send an overly large amount of data via unbounded JWS/JWT header and signature segments to the application and consume memory and CPU resources, leading to a denial of service condition.
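
The checks that items 4 and 5 describe as missing (RFC 7515 "crit" handling and a bound on token size) can be sketched as a guard that runs before a compact JWS is handed to the JOSE library. This is an added example, not Authlib or Red Hat Quay code; `MAX_TOKEN_LEN`, `UNDERSTOOD_CRIT`, `precheck_compact_jws` and `sample_token` are assumed names, and the 8192 cap is an assumed value.

```python
import base64
import json

MAX_TOKEN_LEN = 8192           # assumed cap; size it to your largest legitimate token
UNDERSTOOD_CRIT = frozenset()  # extension headers this service really implements
# Names defined by RFC 7515 itself, which must never be listed in "crit"
# (RFC 7518 algorithm-specific parameters are omitted here for brevity).
SPEC_DEFINED = frozenset({"alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t",
                          "x5t#S256", "typ", "cty", "crit"})


class TokenRejected(ValueError):
    """Raised before any signature verification is attempted."""


def precheck_compact_jws(token: str) -> dict:
    """Return the protected header if size and crit checks pass."""
    if len(token) > MAX_TOKEN_LEN:
        raise TokenRejected("token exceeds size cap")
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a three-segment compact JWS")
    try:
        seg = parts[0] + "=" * (-len(parts[0]) % 4)  # restore stripped padding
        header = json.loads(base64.urlsafe_b64decode(seg))
    except (ValueError, RecursionError) as exc:  # bad base64, JSON or nesting
        raise TokenRejected("undecodable protected header") from exc
    if not isinstance(header, dict):
        raise TokenRejected("protected header is not a JSON object")
    if "crit" in header:
        crit = header["crit"]
        # RFC 7515 section 4.1.11: non-empty array; every name must be present
        # in the header, not spec-defined, and understood by this recipient.
        if not isinstance(crit, list) or not crit:
            raise TokenRejected("crit must be a non-empty array")
        for name in crit:
            if not isinstance(name, str) or name not in header:
                raise TokenRejected("crit names a header that is absent")
            if name in SPEC_DEFINED or name not in UNDERSTOOD_CRIT:
                raise TokenRejected("unsupported critical header: " + name)
    return header


def sample_token(header: dict, sig_len: int = 43) -> str:
    """Constructed, unsigned sample input: header.payload.filler."""
    def enc(b: bytes) -> str:
        return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(b"{}"), "A" * sig_len])
```

The guard only filters input; signature verification still has to be done by the patched library on every token that passes.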


Remediation

Install the update from the vendor's website.