Red Hat Source To Image
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Source To Image.
Recent Red Hat Source To Image Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:4270 | (RHSA-2026:4270) OpenShift Source To Image 1.6.0 | March 11, 2026 |
By the Year
In 2026 there have been 4 vulnerabilities in Red Hat Source To Image with an average score of 7.5 out of ten. Source To Image did not have any published security vulnerabilities last year. That is, 4 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 7.50 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 8.30 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.50 |
It may take a day or so for new Source To Image vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Source To Image Security Vulnerabilities
Docker Moby <29.5.1: Decompression Binary Hijack in /containers/{id}/archive
CVE-2026-41567
7.5 - High
- June 05, 2026
Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container's filesystem rather than the host's due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images
DLL preloading
Go crypto/x509 VerifyHostname DNS SAN quadratic overhead
CVE-2026-27145
7.5 - High
- June 02, 2026
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.
Unchecked Input for Loop Condition
Double-free CVE-2026-33811 via LookupCNAME in Go net (<=1.26.2)
CVE-2026-33811
7.5 - High
- May 07, 2026
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
1341
Go net/url: MEM BOMB via Unlimited Query Param Count
CVE-2025-61726
7.5 - High
- January 28, 2026
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
Allocation of Resources Without Limits or Throttling
Authenticated Registry Access Path Traversal in containers/image
CVE-2024-3727
8.3 - High
- May 14, 2024
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Improper Validation of Integrity Check Value
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input
CVE-2018-1103
6.5 - Medium
- June 12, 2018
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Source To Image or by Red Hat? Click the Watch button to subscribe.