{"affected":[{"ecosystem_specific":{"binaries":[{"vexctl":"0.4.1+git78.f951e3a-150000.1.11.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"vexctl","purl":"pkg:rpm/opensuse/vexctl&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.4.1+git78.f951e3a-150000.1.11.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for vexctl fixes the following issues:\n\n- Update to version 0.4.1+git78.f951e3a:\n- CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. (bsc#1239186)\n- CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto. (bsc#1234486)\n- CVE-2025-27144: Go JOSE's Parsing Vulnerable to Denial of Service. (bsc#1237611)\n- CVE-2025-22870: proxy bypass using IPv6 zone IDs. (bsc#1238683)\n- CVE-2025-22869: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh. (bsc#1239323)\n- CVE-2025-30204: jwt-go allows excessive memory allocation during header parsing. (bsc#1240444)\n- CVE-2025-58181: invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253802)\n- CVE-2026-22772: MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services. (bsc#1256535)\n- CVE-2026-24137: legacy TUF client allows for arbitrary file writes with target cache path traversal. (bsc#1257138)\n","id":"SUSE-SU-2026:0592-1","modified":"2026-02-20T14:27:24Z","published":"2026-02-20T14:27:24Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260592-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234486"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237611"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238683"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239186"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239323"},{"type":"REPORT","url":"https://bugzilla.suse.com/1240444"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253802"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256535"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257138"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45337"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22868"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22869"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22870"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-27144"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-30204"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-22772"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-24137"}],"related":["CVE-2024-45337","CVE-2025-22868","CVE-2025-22869","CVE-2025-22870","CVE-2025-27144","CVE-2025-30204","CVE-2025-58181","CVE-2026-22772","CVE-2026-24137"],"summary":"Security update for vexctl","upstream":["CVE-2024-45337","CVE-2025-22868","CVE-2025-22869","CVE-2025-22870","CVE-2025-27144","CVE-2025-30204","CVE-2025-58181","CVE-2026-22772","CVE-2026-24137"]}