Project Quay / PROJQUAY-10036

Quay 3.14.6 Redis 6 Image HIGH Vulnerability CVE-2025-59375 "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations" and CVE-2025-5914 "libarchive: Double free at archive_read_format_rar_seek_data"

    • Bug
    • Resolution: Unresolved
    • Critical
    • None
    • quay-v3.14.6
    • quay-operator
    • None

      Description:

      This is an issue found in the Quay 3.14.6 Redis image. The Redis image used by the Quay 3.14.6 Operator has some HIGH image vulnerabilities, such as CVE-2025-59375 "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations" and CVE-2025-5914 "libarchive: Double free at archive_read_format_rar_seek_data". With the latest Red Hat Redis image, those CVE issues are already fixed. Please review and use the latest Red Hat Redis image.

      Quay 3.14.6 Redis Image:

      registry.redhat.io/rhel8/redis-6@sha256:cefc749916bb70a025acb560e3863e0593015832044b31d7e23e400e20b89bff 

      The latest Red Hat Redis image:

      https://catalog.redhat.com/en/software/containers/rhel8/redis-6/6065b06cdfe097aa13042b50#get-this-image 

      registry.redhat.io/rhel8/redis-6@sha256:c521ebfcd5c334c46b4bb7d8ddad270f789857de2fcc374c7ca338c078ec4b71

        1. image-2025-12-17-14-59-08-097.png (153 kB, luffy zhang)
        2. image-2025-12-17-14-59-42-131.png (80 kB, luffy zhang)
        3. image-2025-12-17-15-00-19-925.png (122 kB, luffy zhang)
        4. image-2025-12-17-15-01-02-558.png (610 kB, luffy zhang)
        5. quay_redis_image_vulnerability-report.txt (344 kB, luffy zhang)

              lzha1981 luffy zhang