VDB
RHSA-2026%3A0980
RHSA-2026%3A0980
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhcos-s390x-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18 | rhcos-s390x-418.94.202601202224-0, rhcos-s390x-418.94.202601202224-0, rhcos-s390x-418.94.202601202224-0 |
| Red Hat | rhcos-x86_64-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18 | rhcos-x86_64-418.94.202601202224-0 |
| Red Hat | rhcos-s390x-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18 | rhcos-s390x-418.94.202601202224-0 |
| Red Hat | rhcos-x86_64-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18 | rhcos-x86_64-418.94.202601202224-0, *, * |
| Red Hat | rhcos-aarch64-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18 | rhcos-aarch64-418.94.202601202224-0 |
| Red Hat | rhcos-aarch64-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18 | rhcos-aarch64-418.94.202601202224-0, rhcos-aarch64-418.94.202601202224-0, rhcos-aarch64-418.94.202601202224-0 |
| Red Hat | rhcos-ppc64le-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18 | rhcos-ppc64le-418.94.202601202224-0, *, rhcos-ppc64le-418.94.202601202224-0 |
| Red Hat | rhcos-ppc64le-418.94.202601202224-0 as a component of Red Hat OpenShift Container Platform 4.18 | rhcos-ppc64le-418.94.202601202224-0 |
Exploit Intelligence
- seen_cves.json (github-poc)
- TestCommand.yaml (github-poc)
Timeline
- Feb 3, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 11, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:0980 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2376219 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2392605 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0980.json advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-5987 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-5987 advisory
- https://www.libssh.org/security/advisories/CVE-2025-5987.txt advisory
- https://access.redhat.com/security/cve/CVE-2025-9714 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-9714 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-9714 advisory
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 advisory
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 advisory