Bug 2389980 (CVE-2025-9288)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2025-9288 sha.js: Missing type checks leading to hash rewind and passing on crafted data | | |
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | abarbaro, alcohan, anjoseph, bdettelb, bkabrda, caswilli, chfoley, dbosanac, dhanak, doconnor, drosa, dsimansk, eric.wittmann, gmalinko, gotiwari, gparvin, ibek, janstey, jbalunas, jcantril, jchui, jhe, jkoehler, jprabhak, jreimann, jrokos, jscholz, jwendell, kaycoth, kingland, ktsao, kverlaen, lball, lchilton, lphiri, matzew, mdessi, mnovotny, mrizzi, mvyas, nboldt, ngough, nipatil, njean, owatkins, pahickey, pantinor, pcattana, pdelbell, pjindal, psrna, rcernich, rhaigner, rkubis, rojacob, rstepani, sausingh, sdawley, sfeifer, swoodman, teagle, veshanka, wtam |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A vulnerability was found in sha.js, where the hashing implementation does not perform sufficient input type validation. The .update() function accepts arbitrary objects, including those with crafted length properties, which can alter the internal state machine of the hashing process. This flaw may result in unexpected behavior such as rewinding the hash state, producing inconsistent digest outputs, or entering invalid processing loops. The issue was introduced due to the reliance on JavaScript object coercion rules rather than enforcing strict buffer or string inputs. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2389999, 2390001, 2390004, 2390000, 2390002, 2390003, 2390005, 2390006, 2390007, 2390008 | | |
| Bug Blocks: | | | |
Description
OSIDB Bzimport
2025-08-20 23:01:20 UTC
This issue has been addressed in the following products:
multicluster engine for Kubernetes 2.7 for RHEL 8
multicluster engine for Kubernetes 2.7 for RHEL 9
Via RHSA-2025:18278 https://access.redhat.com/errata/RHSA-2025:18278

This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9
Via RHSA-2025:18744 https://access.redhat.com/errata/RHSA-2025:18744