Publish Advisories

GHSA-4vvc-r4p4-qgrr
GHSA-hq76-6gh2-5g4q
GHSA-2fjw-whxm-9v4q

Author: advisory-database[bot]

advisories/github-reviewed/2023/11/GHSA-4vvc-r4p4-qgrr/GHSA-4vvc-r4p4-qgrr.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4vvc-r4p4-qgrr",
-  "modified": "2025-02-13T19:21:06Z",
+  "modified": "2025-12-01T16:05:30Z",
   "published": "2023-11-24T09:30:28Z",
   "aliases": [
     "CVE-2023-48796"
@@ -74,6 +74,10 @@
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2023/11/24/1"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2025/11/28/1"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2025/10/GHSA-hq76-6gh2-5g4q/GHSA-hq76-6gh2-5g4q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hq76-6gh2-5g4q",
-  "modified": "2025-10-27T22:31:49Z",
+  "modified": "2025-12-01T16:06:06Z",
   "published": "2025-10-27T16:20:25Z",
   "aliases": [
     "CVE-2025-58356"
@@ -55,6 +55,10 @@
       "type": "WEB",
       "url": "https://github.com/edgelesssys/constellation/commit/bb8d2c8a5c0a0a6510d2cc43055be21f4a3ab83c"
     },
+    {
+      "type": "WEB",
+      "url": "https://blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/edgelesssys/constellation"

advisories/github-reviewed/2025/11/GHSA-2fjw-whxm-9v4q/GHSA-2fjw-whxm-9v4q.json

@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2fjw-whxm-9v4q",
-  "modified": "2025-11-25T23:18:37Z",
+  "modified": "2025-12-01T16:04:47Z",
   "published": "2025-11-25T23:18:37Z",
   "aliases": [],
   "summary": "libnftnl has Heap-based Buffer Overflow in nftnl::Batch::with_page_size (nftnl-rs)",
-  "details": "A heap-buffer-overflow vulnerability exists in the Rust wrapper for libnftnl, triggered via the nftnl::Batch::with_page_size constructor. When a small or malformed page size is provided, the underlying C code allocates an insufficient buffer, leading to out-of-bounds writes during batch initialization.\n\nThe flaw was fixed in commit 94a286f by adding an overflow check:\n```Rust\nbatch_page_size\n    .checked_add(crate::nft_nlmsg_maxsize())\n    .expect(\"batch_page_size is too large and would overflow\");\n```\nThe fix has not been added to the Rust registry at the time of publish.",
+  "details": "A heap-buffer-overflow vulnerability exists in the Rust wrapper for libnftnl, triggered via the nftnl::Batch::with_page_size constructor. When a small or malformed page size is provided, the underlying C code allocates an insufficient buffer, leading to out-of-bounds writes during batch initialization.\n\nThe flaw was fixed in commit 94a286f by adding an overflow check:\n```Rust\nbatch_page_size\n    .checked_add(crate::nft_nlmsg_maxsize())\n    .expect(\"batch_page_size is too large and would overflow\");\n```",
   "severity": [
     {
       "type": "CVSS_V4",
@@ -26,11 +26,14 @@
               "introduced": "0"
             },
             {
-              "last_affected": "0.8.0"
+              "fixed": "0.9.0"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.8.0"
+      }
     }
   ],
   "references": [