SB20251210182 - Multiple vulnerabilities in Red Hat Quay

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20251210182

SB20251210182 - Multiple vulnerabilities in Red Hat Quay

Published: December 10, 2025

Security Bulletin ID SB20251210182
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 25% Medium 50% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2024-34156)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to encoding/gob does not properly control consumption of internal resources when calling Decoder.Decode. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Note, this vulnerability is related to #VU66068 (CVE-2024-34156).


2) Input validation error (CVE-ID: CVE-2025-47913)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling SSH_AGENT_SUCCESS responses in ssh agent. A malicious server can send a specially crafted response to the ssh client and crash it. 


3) Incorrect authorization (CVE-ID: CVE-2025-59420)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to Authlib's JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 "must‑understand" semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation.


4) Resource exhaustion (CVE-ID: CVE-2025-61920)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way the Authlib's JOSE implementation handles untrusted input. A remote non-authenticated attacker can send overly large amount of data via unbounded JWS/JWT header and signature segments to the application and consume memory and CPU resources, leading to a denial of service condition. 


Remediation

Install update from vendor's website.

References