SB2026012202 - Multiple vulnerabilities in Red Hat OpenShift Serverless
Published: January 22, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 50 secuirty vulnerabilities.
1) Path traversal (CVE-ID: CVE-2024-12718)
The vulnerability allows a remote attacker to modify arbitrary files on the system.
The vulnerability exists due to input validation error in the tarfile module. A remote attacker can pass a specially crafted archive to the application and modify some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory.
2) Improper input validation (CVE-ID: CVE-2025-30749)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
3) Insufficient verification of data authenticity (CVE-ID: CVE-2025-40778)
The vulnerability allows a remote attacker to poison DNS cache.
The vulnerability exists due to insufficient verification of data authenticity when accepting records from answers. A remote attacker can inject forged data into the cache leading to DNS cache poisoning.
4) Link following (CVE-ID: CVE-2025-4138)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory during extraction with filter="data"..
5) Path traversal (CVE-ID: CVE-2025-4517)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error in the tarfile module when extracting files from an archive with filter="data". A remote attacker can pass specially crafted archive to the application and write files to arbitrary locations on the system outside the extraction directory.
6) Use-after-free (CVE-ID: CVE-2025-49794)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the xmlSchematronGetNode() function when processing XPath expressions in Schematron schema elements schematron.c. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.
7) Type Confusion (CVE-ID: CVE-2025-49796)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error within the xmlSchematronFormatReport() function when processing sch:name elements in schematron.c. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and crash the application.
8) Improper input validation (CVE-ID: CVE-2025-50059)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
9) Improper input validation (CVE-ID: CVE-2025-50106)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
10) Improper authentication (CVE-ID: CVE-2025-58060)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the authentication process when the AuthType is set to a value other than "Basic". A remote attacker can send a request with "Authorization: Basic" header, which lead to the application does not check the password and considers the user authenticated.
11) Double free (CVE-ID: CVE-2025-5914)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the archive_read_format_rar_seek_data() function. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Resource exhaustion (CVE-ID: CVE-2025-59375)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger large dynamic memory allocations via a small document and perform a denial of service (DoS) attack.
13) Improper access control (CVE-ID: CVE-2025-6020)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions within the pam_namespace module when handling user-controlled paths. A local user can use specially crafted symlinks and race conditions to execute arbitrary code as root.
14) Buffer overflow (CVE-ID: CVE-2025-6965)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing aggregated terms. A remote attacker can pass specially crafted input to the application where the number of aggregate terms exceeds the number of columns available, trigger memory corruption and perform a denial of service (DoS) attack.
15) Use-after-free (CVE-ID: CVE-2025-7425)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the xsltSetSourceNodeFlags() function. A remote attacker can pass specially crafted XML input to the application, trigger memory corruption and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
16) Link following (CVE-ID: CVE-2025-8941)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an insecure link following issue in the pam_namespace module. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
The vulnerability exists due to incomplete fix for #VU111389 (CVE-2025-6020).
17) Resource exhaustion (CVE-ID: CVE-2013-0340)
The vulnerability allows remote attackers to cause a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input within the expat library, when processing XML files. A remote attacker can pass specially crafted XML content to the affected library and perform a denial of service (DoS) attack.18) Denial of service (CVE-ID: CVE-2016-9840)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in zlib due to out-of-bounds pointer arithmetic in inftrees.c. A remote attacker can send a specially crafted document, trick the victim into opening it, and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
19) Heap-based buffer overflow (CVE-ID: CVE-2019-17543)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the LZ4_write32 when performing archiving operation with LZ4_compress_fast. A remote attacker can pass specially crafted input to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Integer overflow (CVE-ID: CVE-2022-23990)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the doProlog() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Out-of-bounds read (CVE-ID: CVE-2023-40403)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in libxslt. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
22) XML External Entity injection (CVE-ID: CVE-2024-28757)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input when using external parsers via XML_ExternalEntityParserCreate. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
23) Insufficient verification of data authenticity (CVE-ID: CVE-2024-34397)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.
24) Insufficiently protected credentials (CVE-ID: CVE-2024-47081)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the library leaks .netrc credentials to third parties for specific maliciously-crafted URLs. A remote attacker can gain access to sensitive information.
25) Off-by-one (CVE-ID: CVE-2024-52533)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error in gio/gsocks4aproxy.c when handling responses from SOCKS4 proxy. A remote attacker can trick the victim into connecting to a malicious SOCKS4 proxy server, trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Exposed dangerous method or function (CVE-ID: CVE-2024-53920)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation in elisp-mode.el. A remote attacker can trick the victim into invoking elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code, trigger unsafe Lisp macro expansion and execute arbitrary code on the system.
27) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2025-3576)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of RC4-HMAC-MD algorithm for GSSAPI-protected messages. A remote attacker can perform MitM attack.
28) Link following (CVE-ID: CVE-2025-4330)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory.
29) Integer overflow (CVE-ID: CVE-2025-4373)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the g_string_insert_unichar() function in glib/gstring.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
30) Expected behavior violation (CVE-ID: CVE-2025-4435)
The vulnerability allows a remote attacker to change expected behavior.
The vulnerability exists due to an error when using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior. A remote attacker can force the application to extract files that were meant to be skipped.
31) Untrusted search path (CVE-ID: CVE-2025-4802)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted LD_LIBRARY_PATH environment variable. A local user can use the LD_LIBRARY_PATH environment variable to point to a malicious binary and execute arbitrary code with escalated privileges.
The vulnerability affects statically linked setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
32) Out-of-bounds read (CVE-ID: CVE-2025-5318)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sftp_handle() function. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.
33) Incorrect calculation (CVE-ID: CVE-2025-5372)
The vulnerability allows a remote user to perform MitM attack.
The vulnerability exist due to incorrect calculation within the ssh_kdf() function responsible for key derivation when built with OpenSSL versions older than 3.0. A remote user can compromise the integrity of the SSH session.
34) Integer overflow (CVE-ID: CVE-2025-6021)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the xmlBuildQName() function in tree.c . A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) NULL pointer dereference (CVE-ID: CVE-2025-6395)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when a TLS 1.3 handshake involves a Hello Retry Request and the second Client Hello omits the PSK which was present in the first Client Hello. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
36) Double free (CVE-ID: CVE-2025-8058)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the regcomp() function in case previous memory allocations fail. A remote attacker can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
37) Infinite loop (CVE-ID: CVE-2025-8194)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the “tarfile” module when handling tar archives with negative offsets. A remote attacker can pass a specially crafted tar archive to the application and consume all available system resources, resulting in a deadlock and a denial of service.
38) Out-of-bounds read (CVE-ID: CVE-2025-32414)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read that occurs in the Python API (Python bindings) because of an incorrect return value. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
39) Heap-based buffer overflow (CVE-ID: CVE-2025-32415)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xmlSchemaIDCFillNodeTables() function. A remote attacker can pass specially crafted XML data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
40) Double free (CVE-ID: CVE-2025-32988)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when exporting a certificate with an otherName in the SAN (subject alternative name) extension. A remote attacker can trick the victim into export a specially crafted certificate, trigger a double free error on the ASN.1 structure and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
41) NULL pointer dereference (CVE-ID: CVE-2025-32990)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when the certtool program is invoked with a template file with a number of string pairs for a single keyword. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
42) Race condition (CVE-ID: CVE-2025-40909)
The vulnerability allows a local user to tamper with application's behavior.
The vulnerability exists due to a race condition if a directory handle is open at thread creation. A local user can exploit the race and force the application to load code or access files from unexpected location.
43) Type Confusion (CVE-ID: CVE-2025-47151)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in the lasso_node_impl_init_from_xml functionality. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
44) Path traversal (CVE-ID: CVE-2025-47273)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences in package_index.py. A remote attacker can trick the victim into installing a specially crafted script and overwrite arbitrary files on the system, leading to code execution.
45) Resource exhaustion (CVE-ID: CVE-2025-47947)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling application/json payloads. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability requires that at least one rule which does a sanitiseMatchedBytes action.
46) Improper input validation (CVE-ID: CVE-2025-53057)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
47) Improper input validation (CVE-ID: CVE-2025-53066)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
48) Path traversal (CVE-ID: CVE-2025-53905)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences in tar.vim plugin. A remote attacker can trick the victim into opening a specially crafted archive and overwrite arbitrary files on the system, leading to remote code execution.
49) Path traversal (CVE-ID: CVE-2025-53906)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences in zip.vim plugin. A remote attacker can trick the victim into opening a specially crafted archive and overwrite arbitrary files on the system, leading to remote code execution.
50) NULL pointer dereference (CVE-ID: CVE-2025-58364)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling requests. A remote attacker can send specially crafted data to the server and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.