SB20260417100 - Fedora 44 update for trivy

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20260417100

SB20260417100 - Fedora 44 update for trivy

Published: April 17, 2026

Security Bulletin ID SB20260417100
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Integer underflow (CVE-ID: CVE-2026-34165)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to integer underflow in .idx file processing when parsing a crafted .idx file. A local user can create or alter an .idx file in the local repository's .git directory to cause a denial of service.

User interaction is required.


2) Improper Validation of Array Index (CVE-ID: CVE-2026-33762)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper validation of array index in the index decoder for format version 4 when parsing a crafted .git/index file. A local user can supply a specially crafted .git/index file to cause a denial of service.

User interaction is required during normal index parsing, and the issue can result in process termination if the application does not recover from panics.


Remediation

Install update from vendor's website.

References