Bug 2389907 (CVE-2024-31884) - CVE-2024-31884 pybind: Improper use of Pybind
Summary: CVE-2024-31884 pybind: Improper use of Pybind
Keywords:
Status: NEW
Alias: CVE-2024-31884
Deadline: 2026-02-20
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-08-20 20:51 UTC by OSIDB Bzimport
Modified: 2026-02-17 00:51 UTC (History)
11 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:1536 0 None None None 2026-01-29 06:57:28 UTC
Red Hat Product Errata RHSA-2026:2711 0 None None None 2026-02-16 10:42:34 UTC
Red Hat Product Errata RHSA-2026:2769 0 None None None 2026-02-17 00:51:14 UTC

Description OSIDB Bzimport 2025-08-20 20:51:12 UTC 
Ceph uses Pybind in a way which does not implement proper certificate checking. This impacts confidentiality and integrity, as an attacker may exploit an unset SSL context to allow the use of any certificate.
Comment 1 errata-xmlrpc 2026-01-29 06:57:27 UTC 
This issue has been addressed in the following products:

  Red Hat Ceph Storage 9.0

Via RHSA-2026:1536 https://access.redhat.com/errata/RHSA-2026:1536
Comment 2 errata-xmlrpc 2026-02-16 10:42:32 UTC 
This issue has been addressed in the following products:

  Red Hat Ceph Storage 8.1

Via RHSA-2026:2711 https://access.redhat.com/errata/RHSA-2026:2711
Comment 3 errata-xmlrpc 2026-02-17 00:51:12 UTC 
This issue has been addressed in the following products:

  Red Hat Ceph Storage 7.1

Via RHSA-2026:2769 https://access.redhat.com/errata/RHSA-2026:2769
Note You need to log in before you can comment on or make changes to this bug.