Red Hat Trusted Artifact Signer


Recent Red Hat Trusted Artifact Signer Security Advisories

| Advisory | Title | Published |
| --- | --- | --- |
| RHSA-2026:3087 | (RHSA-2026:3087) RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release | February 23, 2026 |
| RHSA-2026:2927 | (RHSA-2026:2927) RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release | February 18, 2026 |
| RHSA-2026:2926 | (RHSA-2026:2926) RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release | February 18, 2026 |
| RHSA-2026:2925 | (RHSA-2026:2925) RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release | February 18, 2026 |
| RHSA-2026:2924 | (RHSA-2026:2924) RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release | February 18, 2026 |
| RHSA-2026:2922 | (RHSA-2026:2922) RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release | February 18, 2026 |
| RHSA-2026:2921 | (RHSA-2026:2921) RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release | February 18, 2026 |
| RHSA-2026:2919 | (RHSA-2026:2919) RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release | February 18, 2026 |
| RHSA-2026:2146 | (RHSA-2026:2146) RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release | February 5, 2026 |
| RHSA-2026:2144 | (RHSA-2026:2144) RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release | February 5, 2026 |

By the Year

In 2026 there has been 1 vulnerability in Red Hat Trusted Artifact Signer, with an average score of 5.3 out of ten. Last year, in 2025, Trusted Artifact Signer had 4 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Trusted Artifact Signer in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.50.

| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2026 | 1 | 5.30 |
| 2025 | 4 | 4.80 |
| 2024 | 2 | 5.90 |

It may take a day or so for new Trusted Artifact Signer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Trusted Artifact Signer Security Vulnerabilities

Information Disclosure in Go Viper Mapstructure WeakDecode via Error Messages
CVE-2025-11065 5.3 - Medium - January 26, 2026

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.

Generation of Error Message Containing Sensitive Information

CIRCL FourQ RCE via Low-Order Point Injection in Diffie-Hellman
CVE-2025-8556 3.7 - Low - August 06, 2025

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

Improper Verification of Cryptographic Signature

crossbeam-channel: Drop race may lead to double-free (CVE-2025-4574)
CVE-2025-4574 6.5 - Medium - May 13, 2025

In the crossbeam-channel Rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

Double-free

Ring crate panic via QUIC protocol overflow (CVE-2025-4432)
CVE-2025-4432 5.3 - Medium - May 09, 2025

A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received.

Allocation of Resources Without Limits or Throttling

OpenSSL Use-After-Free via properties arg leads to UDB
CVE-2025-3416 3.7 - Low - April 08, 2025

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Dangling pointer

Rustls 0.23.13 Denial of Service via Fragmented ClientHello
CVE-2024-11738 5.3 - Medium - December 06, 2024

A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.

Uncaught Exception

Uninitialized Buffer in Go FIPS OpenSSL May Cause False HMAC Match
CVE-2024-9355 6.5 - Medium - October 01, 2024

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed HMAC sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.

Use of Uninitialized Variable
