VDB

RHSA-2026%3A2563

RHSA-2026%3A2563 PUBLISHED CVSS 5.300000190734863 MEDIUM

An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/rhui5/cds-rhel9@sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe_amd64 as a component of Red Hat Update Infrastructure 5*, *, registry.redhat.io/rhui5/cds-rhel9@sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe_amd64
Red HatRed Hat Update Infrastructure 5
Red Hatregistry.redhat.io/rhui5/installer-rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64 as a component of Red Hat Update Infrastructure 5registry.redhat.io/rhui5/installer-rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64, registry.redhat.io/rhui5/installer-rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64, registry.redhat.io/rhui5/installer-rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64
Red Hatregistry.redhat.io/rhui5/cds-rhel9@sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe_amd64 as a component of Red Hat Update Infrastructure 5registry.redhat.io/rhui5/cds-rhel9@sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe_amd64, *, *
Red Hatregistry.redhat.io/rhui5/haproxy-rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64 as a component of Red Hat Update Infrastructure 5registry.redhat.io/rhui5/haproxy-rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64, registry.redhat.io/rhui5/haproxy-rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64, registry.redhat.io/rhui5/haproxy-rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64
Red Hatregistry.redhat.io/rhui5/haproxy-rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64 as a component of Red Hat Update Infrastructure 5*, *, registry.redhat.io/rhui5/haproxy-rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64
Red Hatregistry.redhat.io/rhui5/rhua-rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64 as a component of Red Hat Update Infrastructure 5*, registry.redhat.io/rhui5/rhua-rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64, registry.redhat.io/rhui5/rhua-rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64
Red Hatregistry.redhat.io/rhui5/installer-rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64 as a component of Red Hat Update Infrastructure 5*, registry.redhat.io/rhui5/installer-rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64, registry.redhat.io/rhui5/installer-rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64
Red Hatregistry.redhat.io/rhui5/rhua-rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64 as a component of Red Hat Update Infrastructure 5registry.redhat.io/rhui5/rhua-rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64, registry.redhat.io/rhui5/rhua-rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64, registry.redhat.io/rhui5/rhua-rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64

Timeline

  • Feb 11, 2026 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›