VDB

RHSA-2026%3A1736

RHSA-2026%3A1736 PUBLISHED CVSS 5.300000190734863 MEDIUM

An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64 as a component of Red Hat Discovery 2*, *, *
Red Hatregistry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64 as a component of Red Hat Discovery 2registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64, *, *
Red Hatregistry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64 as a component of Red Hat Discovery 2registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64, registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64, *
Red Hatregistry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64 as a component of Red Hat Discovery 2registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64, registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64, registry.redhat.io/discovery/discovery-server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64
Red Hatregistry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64 as a component of Red Hat Discovery 2registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64, registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64, registry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64
Red Hatregistry.redhat.io/discovery/discovery-ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210ba20ea22b60e4e22d519d8b9e6_amd64 as a component of Red Hat Discovery 2
curllibcurl
Red Hatregistry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64 as a component of Red Hat Discovery 2registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64, *, registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64
Red HatRed Hat Discovery 2
Red Hatregistry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64 as a component of Red Hat Discovery 2registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64, *, registry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64
Red Hatregistry.redhat.io/discovery/discovery-ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64 as a component of Red Hat Discovery 2*, *, *

Timeline

  • Feb 2, 2026 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›