Vulnerabilities |
25 via 56 paths |
---|---|
Dependencies |
87 |
Source |
Docker |
Target OS |
debian:13 |
low severity
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.41-12 and glibc/libc6@2.41-12
Detailed paths
-
Introduced through: python@3-slim › glibc/libc-bin@2.41-12
-
Introduced through: python@3-slim › glibc/libc6@2.41-12
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc
package and not the glibc
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
Remediation
There is no fixed version for Debian:13
glibc
.
References
low severity
- Vulnerable module: tar
- Introduced through: tar@1.35+dfsg-3.1
Detailed paths
-
Introduced through: python@3-slim › tar@1.35+dfsg-3.1
NVD Description
Note: Versions mentioned in the description apply only to the upstream tar
package and not the tar
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
Remediation
There is no fixed version for Debian:13
tar
.
References
- https://security-tracker.debian.org/tracker/CVE-2005-2541
- http://marc.info/?l=bugtraq&m=112327628230258&w=2
- https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
- https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E
low severity
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.41-12 and glibc/libc6@2.41-12
Detailed paths
-
Introduced through: python@3-slim › glibc/libc-bin@2.41-12
-
Introduced through: python@3-slim › glibc/libc6@2.41-12
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc
package and not the glibc
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
Remediation
There is no fixed version for Debian:13
glibc
.
References
- https://security-tracker.debian.org/tracker/CVE-2019-1010023
- https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
- https://sourceware.org/bugzilla/show_bug.cgi?id=22851
- http://www.securityfocus.com/bid/109167
- https://ubuntu.com/security/CVE-2019-1010023
- https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS
low severity
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.41-12 and glibc/libc6@2.41-12
Detailed paths
-
Introduced through: python@3-slim › glibc/libc-bin@2.41-12
-
Introduced through: python@3-slim › glibc/libc6@2.41-12
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc
package and not the glibc
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.
Remediation
There is no fixed version for Debian:13
glibc
.
References
- https://security-tracker.debian.org/tracker/CVE-2018-20796
- https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
- https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
- https://security.netapp.com/advisory/ntap-20190315-0002/
- http://www.securityfocus.com/bid/107160
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796
- https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS
low severity
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.41-12 and glibc/libc6@2.41-12
Detailed paths
-
Introduced through: python@3-slim › glibc/libc-bin@2.41-12
-
Introduced through: python@3-slim › glibc/libc6@2.41-12
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc
package and not the glibc
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern
Remediation
There is no fixed version for Debian:13
glibc
.
References
- https://security-tracker.debian.org/tracker/CVE-2019-9192
- https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
- https://sourceware.org/bugzilla/show_bug.cgi?id=24269
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192
- https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS
low severity
- Vulnerable module: shadow/login.defs
- Introduced through: shadow/login.defs@1:4.17.4-2 and shadow/passwd@1:4.17.4-2
Detailed paths
-
Introduced through: python@3-slim › shadow/login.defs@1:4.17.4-2
-
Introduced through: python@3-slim › shadow/passwd@1:4.17.4-2
NVD Description
Note: Versions mentioned in the description apply only to the upstream shadow
package and not the shadow
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
Remediation
There is no fixed version for Debian:13
shadow
.
References
- https://security-tracker.debian.org/tracker/CVE-2007-5686
- http://www.securityfocus.com/archive/1/482129/100/100/threaded
- http://www.securityfocus.com/archive/1/482857/100/0/threaded
- https://issues.rpath.com/browse/RPL-1825
- http://secunia.com/advisories/27215
- http://www.securityfocus.com/bid/26048
- http://www.vupen.com/english/advisories/2007/3474
low severity
- Vulnerable module: util-linux
- Introduced through: util-linux@2.41-5, util-linux/bsdutils@1:2.41-5 and others
Detailed paths
-
Introduced through: python@3-slim › util-linux@2.41-5
-
Introduced through: python@3-slim › util-linux/bsdutils@1:2.41-5
-
Introduced through: python@3-slim › util-linux/libblkid1@2.41-5
-
Introduced through: python@3-slim › util-linux/liblastlog2-2@2.41-5
-
Introduced through: python@3-slim › util-linux/libmount1@2.41-5
-
Introduced through: python@3-slim › util-linux/libsmartcols1@2.41-5
-
Introduced through: python@3-slim › util-linux/libuuid1@2.41-5
-
Introduced through: python@3-slim › util-linux/login@1:4.16.0-2+really2.41-5
-
Introduced through: python@3-slim › util-linux/mount@2.41-5
NVD Description
Note: Versions mentioned in the description apply only to the upstream util-linux
package and not the util-linux
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Remediation
There is no fixed version for Debian:13
util-linux
.
References
- https://security-tracker.debian.org/tracker/CVE-2022-0563
- https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
- https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u
- https://security.gentoo.org/glsa/202401-08
- https://security.netapp.com/advisory/ntap-20220331-0002/
low severity
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.41-12 and glibc/libc6@2.41-12
Detailed paths
-
Introduced through: python@3-slim › glibc/libc-bin@2.41-12
-
Introduced through: python@3-slim › glibc/libc6@2.41-12
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc
package and not the glibc
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
Remediation
There is no fixed version for Debian:13
glibc
.
References
- https://security-tracker.debian.org/tracker/CVE-2019-1010024
- https://support.f5.com/csp/article/K06046097
- https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
- https://sourceware.org/bugzilla/show_bug.cgi?id=22852
- http://www.securityfocus.com/bid/109162
- https://ubuntu.com/security/CVE-2019-1010024
- https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS
low severity
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.41-12 and glibc/libc6@2.41-12
Detailed paths
-
Introduced through: python@3-slim › glibc/libc-bin@2.41-12
-
Introduced through: python@3-slim › glibc/libc6@2.41-12
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc
package and not the glibc
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.
Remediation
There is no fixed version for Debian:13
glibc
.
References
- https://security-tracker.debian.org/tracker/CVE-2019-1010025
- https://support.f5.com/csp/article/K06046097
- https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
- https://sourceware.org/bugzilla/show_bug.cgi?id=22853
- https://ubuntu.com/security/CVE-2019-1010025
- https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS
low severity
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@257.8-1~deb13u2 and systemd/libudev1@257.8-1~deb13u2
Detailed paths
-
Introduced through: python@3-slim › systemd/libsystemd0@257.8-1~deb13u2
-
Introduced through: python@3-slim › systemd/libudev1@257.8-1~deb13u2
NVD Description
Note: Versions mentioned in the description apply only to the upstream systemd
package and not the systemd
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Remediation
There is no fixed version for Debian:13
systemd
.
References
low severity
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@257.8-1~deb13u2 and systemd/libudev1@257.8-1~deb13u2
Detailed paths
-
Introduced through: python@3-slim › systemd/libsystemd0@257.8-1~deb13u2
-
Introduced through: python@3-slim › systemd/libudev1@257.8-1~deb13u2
NVD Description
Note: Versions mentioned in the description apply only to the upstream systemd
package and not the systemd
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Remediation
There is no fixed version for Debian:13
systemd
.
References
low severity
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@257.8-1~deb13u2 and systemd/libudev1@257.8-1~deb13u2
Detailed paths
-
Introduced through: python@3-slim › systemd/libsystemd0@257.8-1~deb13u2
-
Introduced through: python@3-slim › systemd/libudev1@257.8-1~deb13u2
NVD Description
Note: Versions mentioned in the description apply only to the upstream systemd
package and not the systemd
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Remediation
There is no fixed version for Debian:13
systemd
.
References
low severity
- Vulnerable module: coreutils
- Introduced through: coreutils@9.7-3
Detailed paths
-
Introduced through: python@3-slim › coreutils@9.7-3
NVD Description
Note: Versions mentioned in the description apply only to the upstream coreutils
package and not the coreutils
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Remediation
There is no fixed version for Debian:13
coreutils
.
References
low severity
- Vulnerable module: coreutils
- Introduced through: coreutils@9.7-3
Detailed paths
-
Introduced through: python@3-slim › coreutils@9.7-3
NVD Description
Note: Versions mentioned in the description apply only to the upstream coreutils
package and not the coreutils
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
Remediation
There is no fixed version for Debian:13
coreutils
.
References
- https://security-tracker.debian.org/tracker/CVE-2025-5278
- https://access.redhat.com/security/cve/CVE-2025-5278
- https://bugzilla.redhat.com/show_bug.cgi?id=2368764
- http://www.openwall.com/lists/oss-security/2025/05/27/2
- http://www.openwall.com/lists/oss-security/2025/05/29/1
- https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
- https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14
- http://www.openwall.com/lists/oss-security/2025/05/29/2
low severity
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@257.8-1~deb13u2 and systemd/libudev1@257.8-1~deb13u2
Detailed paths
-
Introduced through: python@3-slim › systemd/libsystemd0@257.8-1~deb13u2
-
Introduced through: python@3-slim › systemd/libudev1@257.8-1~deb13u2
NVD Description
Note: Versions mentioned in the description apply only to the upstream systemd
package and not the systemd
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
Remediation
There is no fixed version for Debian:13
systemd
.
References
low severity
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.41-12 and glibc/libc6@2.41-12
Detailed paths
-
Introduced through: python@3-slim › glibc/libc-bin@2.41-12
-
Introduced through: python@3-slim › glibc/libc6@2.41-12
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc
package and not the glibc
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Remediation
There is no fixed version for Debian:13
glibc
.
References
low severity
- Vulnerable module: sqlite3/libsqlite3-0
- Introduced through: sqlite3/libsqlite3-0@3.46.1-7
Detailed paths
-
Introduced through: python@3-slim › sqlite3/libsqlite3-0@3.46.1-7
NVD Description
Note: Versions mentioned in the description apply only to the upstream sqlite3
package and not the sqlite3
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
Remediation
There is no fixed version for Debian:13
sqlite3
.
References
- https://security-tracker.debian.org/tracker/CVE-2021-45346
- https://github.com/guyinatuxedo/sqlite3_record_leaking
- https://security.netapp.com/advisory/ntap-20220303-0001/
- https://sqlite.org/forum/forumpost/056d557c2f8c452ed5
- https://sqlite.org/forum/forumpost/53de8864ba114bf6
- https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves
low severity
- Vulnerable module: apt
- Introduced through: apt@3.0.3 and apt/libapt-pkg7.0@3.0.3
Detailed paths
-
Introduced through: python@3-slim › apt@3.0.3
-
Introduced through: python@3-slim › apt/libapt-pkg7.0@3.0.3
NVD Description
Note: Versions mentioned in the description apply only to the upstream apt
package and not the apt
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Remediation
There is no fixed version for Debian:13
apt
.
References
- https://security-tracker.debian.org/tracker/CVE-2011-3374
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
- https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
- https://seclists.org/fulldisclosure/2011/Sep/221
- https://snyk.io/vuln/SNYK-LINUX-APT-116518
- https://ubuntu.com/security/CVE-2011-3374
- https://access.redhat.com/security/cve/cve-2011-3374
low severity
- Vulnerable module: ncurses/libncursesw6
- Introduced through: ncurses/libncursesw6@6.5+20250216-2, ncurses/libtinfo6@6.5+20250216-2 and others
Detailed paths
-
Introduced through: python@3-slim › ncurses/libncursesw6@6.5+20250216-2
-
Introduced through: python@3-slim › ncurses/libtinfo6@6.5+20250216-2
-
Introduced through: python@3-slim › ncurses/ncurses-base@6.5+20250216-2
-
Introduced through: python@3-slim › ncurses/ncurses-bin@6.5+20250216-2
NVD Description
Note: Versions mentioned in the description apply only to the upstream ncurses
package and not the ncurses
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
Remediation
There is no fixed version for Debian:13
ncurses
.
References
- https://security-tracker.debian.org/tracker/CVE-2025-6141
- https://invisible-island.net/ncurses/NEWS.html#index-t20250329
- https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html
- https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html
- https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html
- https://vuldb.com/?ctiid.312610
- https://vuldb.com/?id.312610
- https://vuldb.com/?submit.593000
- https://www.gnu.org/
low severity
- Vulnerable module: perl/perl-base
- Introduced through: perl/perl-base@5.40.1-6
Detailed paths
-
Introduced through: python@3-slim › perl/perl-base@5.40.1-6
NVD Description
Note: Versions mentioned in the description apply only to the upstream perl
package and not the perl
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Remediation
There is no fixed version for Debian:13
perl
.
References
- https://security-tracker.debian.org/tracker/CVE-2011-4116
- https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
- https://rt.cpan.org/Public/Bug/Display.html?id=69106
- https://seclists.org/oss-sec/2011/q4/238
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
low severity
new
- Vulnerable module: openssl
- Introduced through: openssl@3.5.1-1, openssl/libssl3t64@3.5.1-1 and others
Detailed paths
-
Introduced through: python@3-slim › openssl@3.5.1-1
-
Introduced through: python@3-slim › openssl/libssl3t64@3.5.1-1
-
Introduced through: python@3-slim › openssl/openssl-provider-legacy@3.5.1-1
NVD Description
Note: Versions mentioned in the description apply only to the upstream openssl
package and not the openssl
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.
Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.
Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
Remediation
There is no fixed version for Debian:13
openssl
.
References
- https://security-tracker.debian.org/tracker/CVE-2025-9230
- https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45
- https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280
- https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
- https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd
- https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482
- https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3
- https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
- https://openssl-library.org/news/secadv/20250930.txt
low severity
new
- Vulnerable module: openssl
- Introduced through: openssl@3.5.1-1, openssl/libssl3t64@3.5.1-1 and others
Detailed paths
-
Introduced through: python@3-slim › openssl@3.5.1-1
-
Introduced through: python@3-slim › openssl/libssl3t64@3.5.1-1
-
Introduced through: python@3-slim › openssl/openssl-provider-legacy@3.5.1-1
NVD Description
Note: Versions mentioned in the description apply only to the upstream openssl
package and not the openssl
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms.
Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker..
While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack.
OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.
Remediation
There is no fixed version for Debian:13
openssl
.
References
- https://security-tracker.debian.org/tracker/CVE-2025-9231
- https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe
- https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698
- https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4
- https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2
- https://openssl-library.org/news/secadv/20250930.txt
low severity
new
- Vulnerable module: openssl
- Introduced through: openssl@3.5.1-1, openssl/libssl3t64@3.5.1-1 and others
Detailed paths
-
Introduced through: python@3-slim › openssl@3.5.1-1
-
Introduced through: python@3-slim › openssl/libssl3t64@3.5.1-1
-
Introduced through: python@3-slim › openssl/openssl-provider-legacy@3.5.1-1
NVD Description
Note: Versions mentioned in the description apply only to the upstream openssl
package and not the openssl
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address.
Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application.
The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker.
In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity.
The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.
Remediation
There is no fixed version for Debian:13
openssl
.
References
- https://security-tracker.debian.org/tracker/CVE-2025-9232
- https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35
- https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b
- https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3
- https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf
- https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0
- https://openssl-library.org/news/secadv/20250930.txt
low severity
- Vulnerable module: shadow/login.defs
- Introduced through: shadow/login.defs@1:4.17.4-2 and shadow/passwd@1:4.17.4-2
Detailed paths
-
Introduced through: python@3-slim › shadow/login.defs@1:4.17.4-2
-
Introduced through: python@3-slim › shadow/passwd@1:4.17.4-2
NVD Description
Note: Versions mentioned in the description apply only to the upstream shadow
package and not the shadow
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
Remediation
There is no fixed version for Debian:13
shadow
.
References
low severity
new
- Vulnerable module: sqlite3/libsqlite3-0
- Introduced through: sqlite3/libsqlite3-0@3.46.1-7
Detailed paths
-
Introduced through: python@3-slim › sqlite3/libsqlite3-0@3.46.1-7
NVD Description
Note: Versions mentioned in the description apply only to the upstream sqlite3
package and not the sqlite3
package as distributed by Debian
.
See How to fix?
for Debian:13
relevant fixed versions and status.
An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
Remediation
There is no fixed version for Debian:13
sqlite3
.