Red Hat RHUI (Red Hat Update Infrastructure)
Recent Red Hat RHUI Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:10754 | (RHSA-2026:10754) Important: RHUI 4.11.4 security update - python-pyOpenSSL | April 27, 2026 |
| RHSA-2026:1485 | (RHSA-2026:1485) Important: RHUI 4.11.3 security update - python-urllib3 | January 28, 2026 |
| RHSA-2025:1335 | (RHSA-2025:1335) Important: RHUI 4.11 security, bugfix, and enhancement update | February 12, 2025 |
| RHSA-2024:1878 | (RHSA-2024:1878) Moderate: RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements | April 18, 2024 |
| RHSA-2023:4591 | (RHSA-2023:4591) Moderate: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements | August 9, 2023 |
| RHSA-2023:2101 | (RHSA-2023:2101) Moderate: RHUI 4.4.0 release - Security Fixes, Bug Fixes, and Enhancements Update | May 3, 2023 |
| RHSA-2023:0742 | (RHSA-2023:0742) Low: RHUI 4.3.0 release - Security Fixes, Bug Fixes, and Enhancements Update | February 13, 2023 |
| RHSA-2022:5602 | (RHSA-2022:5602) Important: RHUI 4.1.1 release - Security Fixes and Enhancement Update | July 19, 2022 |
By the Year
In 2026 there have been 10 vulnerabilities in Red Hat RHUI with an average CVSS base score of 6.7 out of 10. In 2025, RHUI had 4 vulnerabilities published, so 6 more have already been reported in 2026 than in all of last year, and the average base score in 2026 is higher as well, by roughly 0.2 (6.69 versus 6.48).
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 10 | 6.69 |
| 2025 | 4 | 6.48 |
| 2024 | 4 | 7.50 |
It may take a day or so for new RHUI vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name; most of the entries below are in libraries and components RHUI depends on (libsolv, libarchive, GLib, GnuTLS, Pulp) rather than in RHUI itself.
Recent Red Hat RHUI Security Vulnerabilities
libsolv Heap Buffer Overflow via .solv Decompression
CVE-2026-48864
7.8 - High
- May 26, 2026
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
Memory Corruption
libsolv Heap Buffer Overflow in repo_add_solv via Negative .solv Size
CVE-2026-9149
6.5 - Medium
- May 20, 2026
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
Heap-based Buffer Overflow
libsolv Stack Buffer Overflow in Debian Metadata Parser
CVE-2026-9150
6.5 - Medium
- May 20, 2026
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.
Stack-based Buffer Overflow
libcap TOCTOU in cap_set_file() leads to privilege escalation
CVE-2026-4878
6.7 - Medium
- April 09, 2026
A flaw was found in libcap. A local unprivileged user can exploit a time-of-check to time-of-use (TOCTOU) race condition in the `cap_set_file()` function. Because the file is validated and then modified by path, an attacker with write access to a parent directory can swap the path for a different file (for example a symlink) between the two steps and redirect the capability update to an attacker-chosen file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
TOCTOU
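The check-then-use-by-path shape behind the libcap race, next to the descriptor-based form that closes it, as an added example that is not libcap's code. A marker string written into a file stands in for the capability set, `set_marker_by_path()` and `set_marker_by_fd()` are stand-ins for the path- and descriptor-based operations (libcap does ship `cap_set_fd()` alongside `cap_set_file()`), and the attacker's swap is invoked explicitly inside the window so the race is deterministic instead of timing-dependent. The temp-directory layout and the `race_fn` hook are assumptions of the demo.

```c
/* Added example, not libcap code: a TOCTOU race on a path-based check-then-
 * modify routine, and its descriptor-based fix. The attacker step is called
 * explicitly between check and use so the outcome does not depend on timing. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void (*race_fn)(void *ctx);  /* hook run between check and use (demo only) */

/* Vulnerable shape: validate by path, then reopen by path. The second lookup
 * resolves whatever the attacker has since placed at that name. */
int set_marker_by_path(const char *path, race_fn race, void *ctx) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;  /* check */
    if (race) race(ctx);                                            /* the window */
    int fd = open(path, O_WRONLY | O_TRUNC);                        /* use: path re-resolved */
    if (fd < 0) return -1;
    int ok = write(fd, "MARK", 4) == 4;
    close(fd);
    return ok ? 0 : -1;
}

/* Fixed shape: open once without following symlinks, validate the descriptor
 * with fstat(), and do the modification through that descriptor. Renaming the
 * path afterwards cannot redirect the write. */
int set_marker_by_fd(const char *path, race_fn race, void *ctx) {
    int fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    if (race) race(ctx);                         /* same window, no effect */
    int ok = ftruncate(fd, 0) == 0 && write(fd, "MARK", 4) == 4;
    close(fd);
    return ok ? 0 : -1;
}

/* Attacker with write access to the parent directory: atomically replace the
 * regular file with a symlink pointing at the victim. */
struct lab { char dir[128]; char target[192]; char victim[192]; char link[192]; };

static void attacker_swap(void *ctx) {
    struct lab *l = ctx;
    if (symlink(l->victim, l->link) == 0) rename(l->link, l->target);
}

static int write_file(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(text, f);
    return fclose(f);
}

static int victim_marked(const char *path) {
    char buf[8] = {0};
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, 4, f);
    fclose(f);
    return n == 4 && memcmp(buf, "MARK", 4) == 0;
}

/* Runs one scenario in a fresh temp dir; returns 1 if the victim file got
 * the marker (the attack worked), 0 if it did not, -1 on setup failure. */
int run_scenario(int use_fd_variant) {
    struct lab l;
    const char *tmp = getenv("TMPDIR");
    snprintf(l.dir, sizeof l.dir, "%s/toctou-XXXXXX", tmp ? tmp : "/tmp");
    if (!mkdtemp(l.dir)) return -1;
    snprintf(l.target, sizeof l.target, "%s/target", l.dir);
    snprintf(l.victim, sizeof l.victim, "%s/victim", l.dir);
    snprintf(l.link, sizeof l.link, "%s/link", l.dir);
    write_file(l.target, "plain file");
    write_file(l.victim, "victim binary");   /* constructed stand-in for a setuid target */
    if (use_fd_variant) set_marker_by_fd(l.target, attacker_swap, &l);
    else                set_marker_by_path(l.target, attacker_swap, &l);
    int hit = victim_marked(l.victim);
    unlink(l.target); unlink(l.victim); unlink(l.link); rmdir(l.dir);
    return hit;
}

int main(void) {
    printf("path-based: victim modified = %d\n", run_scenario(0));
    printf("fd-based:   victim modified = %d\n", run_scenario(1));
    return 0;
}
```

Running it shows the path-based routine marking the victim (the symlink swapped in during the window is followed by the second `open()`), while the descriptor-based routine only ever touches the inode it validated. The `O_NOFOLLOW` on the single open is what refuses a symlink that is already in place; the `fstat()` on the descriptor is what makes the check and the use refer to the same object.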
Integer Overflow in libarchive ZISOFS Block Pointer Allocation on 32-bit
CVE-2026-5121
9.8 - Critical
- March 30, 2026
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
Integer Overflow or Wraparound
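The two size-handling mistakes described for CVE-2026-9149 above (a negative size producing an undersized allocation) and for CVE-2026-5121 here (a product that wraps in 32-bit arithmetic), as an added example that is not libsolv or libarchive code and does not reproduce their actual bugs. The record format is made up for the demo: a signed 32-bit record count and record size, little-endian, followed by the records. `reader_a_plan()` and `reader_b_plan()` only report what a naive reader would pass to `malloc()` and how many bytes it would then write, rather than performing the corrupting write; `safe_parse()` is the checked version. `REC_HEADER` and the layout are assumptions.

```c
/* Added example, not libsolv or libarchive code. Made-up record format:
 * int32 nrec, int32 recsize (little-endian), then nrec*recsize payload bytes. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REC_HEADER 16u   /* bookkeeping bytes a reader prepends (assumed) */

static int32_t rd_i32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

void wr_i32(uint8_t *p, int32_t v) {
    uint32_t u = (uint32_t)v;
    p[0] = u & 0xff; p[1] = (u >> 8) & 0xff;
    p[2] = (u >> 16) & 0xff; p[3] = (u >> 24) & 0xff;
}

/* What a reader *would* allocate and write; nothing is allocated or written. */
typedef struct { uint64_t alloc; uint64_t written; } plan_t;

int plan_overflows(plan_t p) { return p.written > p.alloc; }

/* Reader A (negative size): int arithmetic, then memcpy with the raw length:
 *   buf = malloc(len + REC_HEADER); memcpy(buf + REC_HEADER, src, len);
 * len = -8 gives malloc(8) while (size_t)-8 is the largest possible copy. */
plan_t reader_a_plan(int32_t len) {
    plan_t p;
    p.alloc   = (uint32_t)((int64_t)len + (int64_t)REC_HEADER); /* int32 result, computed without UB */
    p.written = (uint64_t)(int64_t)len;                          /* what (size_t)len sign-extends to */
    return p;
}

/* Reader B (32-bit product wrap): the allocation multiplies in 32 bits, the
 * write loop runs nrec times:
 *   buf = malloc(nrec * recsize); for (i = 0; i < nrec; i++) put recsize bytes
 * nrec = 0x10000, recsize = 0x10001: malloc(0x10000), loop writes 0x100010000. */
plan_t reader_b_plan(int32_t nrec, int32_t recsize) {
    plan_t p;
    p.alloc   = (uint32_t)((uint64_t)(uint32_t)nrec * (uint32_t)recsize);  /* low 32 bits only */
    p.written = (nrec > 0 && recsize > 0) ? (uint64_t)nrec * (uint64_t)recsize : 0;
    return p;
}

/* Checked reader: reject negative fields, a product that would wrap size_t,
 * and a payload larger than the input actually holds, before malloc() sees
 * any of it. Returns 0 and a heap copy on success, -1 on rejection. */
int safe_parse(const uint8_t *buf, size_t buf_len, uint8_t **out, size_t *out_len) {
    if (buf_len < 8) return -1;
    int32_t nrec = rd_i32(buf), recsize = rd_i32(buf + 4);
    if (nrec < 0 || recsize < 0) return -1;                     /* negative sizes */
    size_t n = (size_t)nrec, r = (size_t)recsize;
    if (r != 0 && n > (SIZE_MAX - REC_HEADER) / r) return -1;   /* product would wrap */
    size_t payload = n * r;
    if (payload > buf_len - 8) return -1;                       /* more than the input holds */
    uint8_t *dst = malloc(REC_HEADER + payload);
    if (!dst) return -1;
    memset(dst, 0, REC_HEADER);
    memcpy(dst + REC_HEADER, buf + 8, payload);
    *out = dst;
    *out_len = REC_HEADER + payload;
    return 0;
}

int main(void) {
    plan_t a = reader_a_plan(-8), b = reader_b_plan(0x10000, 0x10001);
    printf("reader A: malloc(%llu), write %llu -> %s\n", (unsigned long long)a.alloc,
           (unsigned long long)a.written, plan_overflows(a) ? "OVERFLOW" : "ok");
    printf("reader B: malloc(%llu), write %llu -> %s\n", (unsigned long long)b.alloc,
           (unsigned long long)b.written, plan_overflows(b) ? "OVERFLOW" : "ok");
    uint8_t crafted[8]; wr_i32(crafted, -1); wr_i32(crafted + 4, 8);  /* constructed input */
    uint8_t *out; size_t out_len;
    printf("safe_parse(nrec=-1): %d\n", safe_parse(crafted, sizeof crafted, &out, &out_len));
    return 0;
}
```

The order of checks in `safe_parse()` is the point: sign first, then the overflow test on the product done with a division (so the check itself cannot wrap), then the comparison against the bytes actually present. Any one of the three on its own leaves one of the two readers' failure modes open.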
Uninitialized Return Value in p11-kit C_DeriveKey RPC Client Causes DoS
CVE-2026-2100
5.3 - Medium
- March 26, 2026
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application-level denial of service or other unpredictable system states.
Access of Uninitialized Pointer
libarchive Heap Out-of-Bounds Read via Crafted RAR Archive
CVE-2026-4424
7.5 - High
- March 19, 2026
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
Out-of-bounds Read
Infinite Loop in libarchive RAR5 Decompression causing DoS
CVE-2026-4111
7.5 - High
- March 13, 2026
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Infinite Loop
GnuTLS DoS via oversized SANs in certificates
CVE-2025-14831
5.3 - Medium
- February 09, 2026
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Inefficient Algorithmic Complexity
GnuTLS Stack Buffer Overflow in PKCS#11 Init Allows DoS/Code Exec
CVE-2025-9820
4.0 - Medium
- January 26, 2026
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
Stack-based Buffer Overflow
glib GIO escape_byte_string overflow causes heap buffer DoS
CVE-2025-14512
6.5 - Medium
- December 11, 2025
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Integer Overflow or Wraparound
GLib GVariant Buffer Underflow Heap Corruption (CVE-2025-14087)
CVE-2025-14087
5.6 - Medium
- December 10, 2025
A flaw was found in GLib (the GNOME core library). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution, via a buffer underflow in the GVariant parser when processing maliciously crafted input strings.
Integer Overflow or Wraparound
Heap Buffer Overread in util-linux setpwnam() (256-byte usernames)
CVE-2025-14104
6.1 - Medium
- December 05, 2025
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Out-of-bounds Read
GLib Heap Buffer Overflow in g_escape_uri_string()
CVE-2025-13601
7.7 - High
- November 26, 2025
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Integer Overflow or Wraparound
Auth Bypass in Pulpcore 3.0+ via Gunicorn < 22.0 Behind Apache mod_proxy
CVE-2024-7923
- September 04, 2024
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0 under the puppet-pulpcore configuration. The Apache mod_proxy front end does not unset the header it is configured to strip, because of the restrictions Apache places on underscores in HTTP header names, so a malformed header reaches Pulpcore and is accepted as authentication. This flaw affects all active Satellite deployments (6.13, 6.14 and 6.15) that use Pulpcore 3.0+ and could allow unauthorized users to gain administrative access.
Authentication Bypass
Pulp RBAC flaw causes improper perms via AutoAddObjPermsMixin (CVE-2024-7143)
CVE-2024-7143
- August 07, 2024
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.
Insecure Inherited Permissions
python-cryptography: Remote Decryption of TLS RSA Exchanges
CVE-2023-50782
7.5 - High
- February 05, 2024
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Side Channel Attack
M2Crypto: Remote Decryption of TLS RSA Exchanges
CVE-2023-50781
7.5 - High
- February 05, 2024
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Side Channel Attack