VDB
RHSA-2026%3A3415
RHSA-2026%3A3415
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhcos-x86_64-413.92.202602240113-0 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | rhcos-x86_64-413.92.202602240113-0 as a component of Red Hat OpenShift Container Platform 4.13 | rhcos-x86_64-413.92.202602240113-0, rhcos-x86_64-413.92.202602240113-0, rhcos-x86_64-413.92.202602240113-0 |
Timeline
- Mar 5, 2026 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:3415 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2376219 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2396054 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2408762 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2416741 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2418711 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2430376 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3415.json advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-5987 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-5987 advisory
- https://www.libssh.org/security/advisories/CVE-2025-5987.txt advisory
- https://access.redhat.com/security/cve/CVE-2025-6176 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-6176 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-6176 advisory
- https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0 advisory
- https://access.redhat.com/security/cve/CVE-2025-9230 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-9230 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-9230 advisory
…and 15 more