SB2025080706 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.12

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025080706

SB2025080706 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.12

Published: August 7, 2025

Security Bulletin ID SB2025080706
Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 31% Medium 23% Low 46%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Link following (CVE-ID: CVE-2024-45339)

The vulnerability allows a local user to overwrite arbitrary files on the system.

The vulnerability exists due to insecure link following when writing log files. A local user can point a symbolic link to a critical file on the system and overwrite it with the log data.


2) Buffer overflow (CVE-ID: CVE-2022-49058)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_mf_symlink() function in fs/cifs/link.c. A local user can escalate privileges on the system.


3) Out-of-bounds read (CVE-ID: CVE-2022-49395)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_ldt_entry() function in arch/x86/um/ldt.c. A local user can perform a denial of service (DoS) attack.


4) Path traversal (CVE-ID: CVE-2024-12718)

The vulnerability allows a remote attacker to modify arbitrary files on the system.

The vulnerability exists due to input validation error in the tarfile module. A remote attacker can pass a specially crafted archive to the application and modify some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory.


5) Integer overflow (CVE-ID: CVE-2024-23337)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in src/jv.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.


6) Link following (CVE-ID: CVE-2025-4138)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory during extraction with filter="data"..


7) Link following (CVE-ID: CVE-2025-4330)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory.


8) Expected behavior violation (CVE-ID: CVE-2025-4435)

The vulnerability allows a remote attacker to change expected behavior. 

The vulnerability exists due to an error when using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior. A remote attacker can force the application to extract files that were meant to be skipped. 


9) Path traversal (CVE-ID: CVE-2025-4517)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error in the tarfile module when extracting files from an archive with filter="data". A remote attacker can pass specially crafted archive to the application and write files to arbitrary locations on the system outside the extraction directory.


10) Improper access control (CVE-ID: CVE-2025-6020)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions within the pam_namespace module when handling user-controlled paths. A local user can use specially crafted symlinks and race conditions to execute arbitrary code as root. 


11) Use-after-free (CVE-ID: CVE-2025-22004)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lec_send() function in net/atm/lec.c. A local user can escalate privileges on the system.


12) Path traversal (CVE-ID: CVE-2025-47273)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when processing directory traversal sequences in package_index.py. A remote attacker can trick the victim into installing a specially crafted script and overwrite arbitrary files on the system, leading to code execution.


13) Heap-based buffer overflow (CVE-ID: CVE-2025-48060)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the jv_string_vfmt() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References