VDB
RHSA-2026%3A1541
RHSA-2026%3A1541
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhcos-ppc64le-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15 | rhcos-ppc64le-415.92.202601271320-0, rhcos-ppc64le-415.92.202601271320-0, rhcos-ppc64le-415.92.202601271320-0 |
| Red Hat | rhcos-x86_64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15 | rhcos-x86_64-415.92.202601271320-0, rhcos-x86_64-415.92.202601271320-0, rhcos-x86_64-415.92.202601271320-0 |
| Red Hat | rhcos-s390x-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15 | rhcos-s390x-415.92.202601271320-0 |
| Red Hat | rhcos-aarch64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15 | rhcos-aarch64-415.92.202601271320-0, rhcos-aarch64-415.92.202601271320-0, rhcos-aarch64-415.92.202601271320-0 |
| Red Hat | rhcos-ppc64le-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15 | rhcos-ppc64le-415.92.202601271320-0 |
| Red Hat | rhcos-s390x-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15 | rhcos-s390x-415.92.202601271320-0, rhcos-s390x-415.92.202601271320-0, rhcos-s390x-415.92.202601271320-0 |
| Red Hat | rhcos-x86_64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15 | * |
| Red Hat | rhcos-aarch64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15 | * |
Exploit Intelligence
- Proof of Concept for CVE-2025-40778: BIND 9 DNS Cache Poisoning via unsolicited Additional Section records. (github-poc-repo)
- Forensic triage of DNS cache poisoning in legacy hardware. Includes PCAP analysis of 839-byte unsolicited record injections, CVE-2025-40778 mapping, and remediation via hardened Unbound (DoT) on Arch Linux. (github-poc-repo)
- Forensic triage of DNS cache poisoning in legacy hardware. Includes PCAP analysis of 839-byte unsolicited record injections, CVE-2025-40778 mapping, and remediation via hardened Unbound (DoT) on Arch Linux. (github-poc)
- Proof of Concept for CVE-2025-40778: BIND 9 DNS Cache Poisoning via unsolicited Additional Section records. (github-poc)
- TestCommand.yaml (github-poc)
- errata77.html (github-poc)
- 4593.2.0.yml (github-poc)
- mfsa2026-23.yml (github-poc)
- dockerscan.yml (github-poc)
- 4628.1.0.yml (github-poc)
…and 13 more exploits
Timeline
- Feb 5, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:1541 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2369131 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2370861 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2376219 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2392605 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2395108 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2405827 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2405829 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2405830 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1541.json advisory
- https://access.redhat.com/security/cve/CVE-2025-5318 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-5318 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-5318 advisory
- https://www.libssh.org/security/advisories/CVE-2025-5318.txt advisory
- https://access.redhat.com/security/cve/CVE-2025-5914 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-5914 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-5914 advisory
- https://github.com/libarchive/libarchive/pull/2598 advisory
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0 advisory
…and 23 more