Direct Vulnerabilities

Known vulnerabilities in the rhcos package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
Arbitrary Code Injection

*
  • L
Buffer Access with Incorrect Length Value

*
  • H
Arbitrary Code Injection

*
  • M
Information Exposure

*
  • M
Out-of-bounds Read

*
  • M
Incorrect Calculation of Buffer Size

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Read

*
  • M
Expired Pointer Dereference

*
  • H
Improper Control of Dynamically-Identified Variables

*
  • L
Buffer Overflow

*
  • M
Link Following

*
  • M
Use After Free

*
  • H
Directory Traversal

*
  • M
Link Following

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Write

*
  • H
Link Following

*
  • M
Out-of-bounds Read

*
  • M
Uncontrolled Recursion

*
  • H
Out-of-bounds Read

*
  • H
Function Call with Incorrectly Specified Arguments

*
  • H
Use of Incorrect Operator

*
  • H
Improper Neutralization

*
  • M
Buffer Overflow

*
  • M
Link Following

*
  • M
Double Free

*
  • H
Insufficient Granularity of Access Control

*
  • M
Incorrect Calculation of Buffer Size

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • M
Integer Overflow or Wraparound

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • H
Missing Required Cryptographic Step

*
  • M
Use After Free

*
  • H
Excessive Platform Resource Consumption within a Loop

*
  • H
Improper Update of Reference Count

*
  • L
Out-of-bounds Read

*
  • H
Excessive Platform Resource Consumption within a Loop

*
  • M
Double Free

*
  • M
Improper Restriction of Communication Channel to Intended Endpoints

*
  • M
Heap-based Buffer Overflow

*
  • L
Out-of-bounds Write

*
  • H
Premature Release of Resource During Expected Lifetime

*
  • H
Execution with Unnecessary Privileges

*
  • M
Insufficient Granularity of Access Control

*
  • H
Integer Overflow or Wraparound

*
  • M
Inclusion of Functionality from Untrusted Control Sphere

*
  • M
Heap-based Buffer Overflow

*
  • M
Out-of-bounds Write

*
  • L
Expired Pointer Dereference

*
  • M
Integer Underflow

*
  • M
OS Command Injection

*
  • H
OS Command Injection

*
  • L
Integer Overflow or Wraparound

*
  • L
Information Exposure

*
  • L
Improper Certificate Validation

*
  • L
NULL Pointer Dereference

*
  • L
Incorrect Calculation of Buffer Size

*
  • M
Improper Handling of Length Parameter Inconsistency

*
  • L
Improper Verification of Cryptographic Signature

*
  • M
Generation of Weak Initialization Vector (IV)

*
  • M
NULL Pointer Dereference

*
  • L
Integer Overflow or Wraparound

*
  • H
Expired Pointer Dereference

*
  • L
Improper Verification of Cryptographic Signature

*
  • L
Improper Validation of Integrity Check Value

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • H
Incorrect Privilege Assignment

*
  • L
NULL Pointer Dereference

*
  • C
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • H
Write-what-where Condition

*
  • H
CRLF Injection

*
  • H
Untrusted Search Path

*
  • M
Release of Invalid Pointer or Reference

*
  • M
Off-by-one Error

*
  • M
Improper Update of Reference Count

*
  • M
OS Command Injection

*
  • L
Information Exposure

*
  • L
Expired Pointer Dereference

*
  • M
Processor Optimization Removal or Modification of Security-critical Code

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • H
OS Command Injection

*
  • H
Insufficient Verification of Data Authenticity

*
  • H
Improper Access Control

*
  • M
Improper Handling of Insufficient Permissions or Privileges

*
  • M
OS Command Injection

*
  • M
Out-of-bounds Write

*
  • M
Off-by-one Error

*
  • M
Acceptance of Extraneous Untrusted Data With Trusted Data

*
  • M
Expired Pointer Dereference

*
  • M
Resource Exhaustion

*
  • M
Improper Certificate Validation

*
  • M
Buffer Over-read

*
  • M
Improper Certificate Validation

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
CVE-2026-32792

*
  • M
Out-of-bounds Read

*
  • M
Link Following

*
  • H
Integer Overflow or Wraparound

*
  • M
Authentication Bypass

*
  • H
Time-of-check Time-of-use (TOCTOU)

*
  • M
Integer Overflow or Wraparound

*
  • M
Off-by-one Error

*
  • M
Stack-based Buffer Overflow

*
  • H
Improper Validation of Specified Type of Input

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • M
OS Command Injection

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • M
Heap-based Buffer Overflow

*
  • H
Access of Uninitialized Pointer

*
  • H
CVE-2026-42944

*
  • H
Use After Free

*
  • M
Information Exposure

*
  • M
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

*
  • M
Improper Validation of Specified Type of Input

*
  • H
Undefined Behavior for Input to API

*
  • M
Improper Neutralization of Null Byte or NUL Character

*
  • M
Improper Input Validation

*
  • M
Uncontrolled Recursion

*
  • M
Integer Overflow or Wraparound

*
  • M
Uncontrolled Recursion

*
  • M
Uncontrolled Recursion

*
  • M
Incorrect Calculation of Buffer Size

*
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • H
Out-of-bounds Read

*
  • M
Improper Input Validation

*
  • H
Heap-based Buffer Overflow

*
  • M
Integer Overflow or Wraparound

*
  • H
Write-what-where Condition

*
  • M
Improper Certificate Validation

*
  • H
Improper Null Termination

*
  • H
Insufficient Granularity of Access Control

*
  • M
Buffer Overflow

*
  • H
Improper Handling of Length Parameter Inconsistency

*
  • M
Exposure of Data Element to Wrong Session

*
  • M
Cleartext Transmission of Sensitive Information

*
  • M
Improper Handling of Case Sensitivity

*
  • M
Comparison Using Wrong Factors

*
  • H
Integer Underflow

*
  • H
Improper Validation of Consistency within Input

*
  • M
Information Exposure

*
  • M
Information Exposure

*
  • L
Incorrect Behavior Order: Early Validation

*
  • L
Origin Validation Error

*
  • M
Buffer Overflow

*
  • L
Out-of-bounds Read

*
  • M
OS Command Injection

*
  • M
XML External Entity (XXE) Injection

*
  • H
Deserialization of Untrusted Data

*
  • L
Out-of-bounds Write

*
  • M
NULL Pointer Dereference

*
  • M
Integer Underflow

*
  • M
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

*
  • M
Incorrect Calculation of Buffer Size

*
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • M
Uncontrolled Recursion

*
  • L
Incorrect Permission Assignment for Critical Resource

*
  • M
Resource Exhaustion

*
  • M
Use of Externally-Controlled Format String

*
  • M
Incorrect Calculation of Buffer Size

*
  • M
NULL Pointer Dereference

*
  • M
Out-of-bounds Read

*
  • H
Heap-based Buffer Overflow

*
  • H
Buffer Access with Incorrect Length Value

*
  • M
Buffer Access with Incorrect Length Value

*
  • H
Out-of-bounds Read

*
  • M
Improper Validation of Specified Type of Input

*
  • L
Improper Null Termination

*
  • H
Predictable from Observable State

*
  • M
Uncontrolled Recursion

*
  • M
Integer Overflow or Wraparound

*
  • L
Integer Overflow or Wraparound

*
  • M
Execution with Unnecessary Privileges

*
  • M
Arbitrary Argument Injection

*
  • L
CVE-2026-28387

*
  • L
NULL Pointer Dereference

*
  • H
Time-of-check Time-of-use (TOCTOU)

*
  • M
Buffer Access with Incorrect Length Value

*
  • M
Expired Pointer Dereference

*
  • L
Improper Handling of Missing Special Element

*
  • M
OS Command Injection

*
  • M
Access of Uninitialized Pointer

*
  • M
Integer Underflow

*
  • L
Authentication Bypass by Primary Weakness

*
  • L
Improperly Implemented Security Check for Standard

*
  • M
Expired Pointer Dereference

*
  • M
Improper Certificate Validation

*
  • L
Information Exposure

*
  • L
Improper Certificate Validation

*
  • M
NULL Pointer Dereference

*
  • M
NULL Pointer Dereference

*
  • M
Directory Traversal

*
  • M
Improper Validation of Consistency within Input

*
  • H
OS Command Injection

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • M
Improper Handling of Inconsistent Special Elements

*
  • H
Improper Preservation of Permissions

*
  • H
Least Privilege Violation

*
  • L
OS Command Injection

*
  • M
OS Command Injection

*
  • M
External Control of File Name or Path

*
  • M
Improper Handling of Case Sensitivity

*
  • L
Missing Authentication for Critical Function

*
  • M
Buffer Overflow

*
  • L
Misinterpretation of Input

*
  • M
Directory Traversal

*
  • M
Incorrect Calculation of Buffer Size

*
  • M
Reachable Assertion

*
  • M
Integer Overflow or Wraparound

*
  • M
Misinterpretation of Input

*
  • M
Incorrect Execution-Assigned Permissions

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Expired Pointer Dereference

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • H
OS Command Injection

*
  • M
Improper Validation of Specified Type of Input

*
  • L
Inappropriate Encoding for Output Context

*
  • M
Improper Validation of Syntactic Correctness of Input

*
  • M
Out-of-bounds Read

*
  • M
Link Following

*
  • M
Incorrect Bitwise Shift of Integer

*
  • H
Reachable Assertion

*
  • H
Out-of-bounds Read

*
  • M
Improper Access Control

*
  • L
Use of Uninitialized Resource

*
  • H
Access of Uninitialized Pointer

*
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Buffer Underflow

*
  • M
Authentication Bypass by Primary Weakness

*
  • M
Information Exposure

*
  • M
Incorrect Implementation of Authentication Algorithm

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Out-of-bounds Read

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
Improper Validation of Specified Index, Position, or Offset in Input

*
  • L
Unchecked Input for Loop Condition

*
  • L
External Control of File Name or Path

*
  • M
Buffer Underflow

*
  • L
Unchecked Input for Loop Condition

*
  • L
NULL Pointer Dereference

*
  • M
CVE-2026-23865

*
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
Incorrect Calculation of Multi-Byte String Length

*
  • L
NULL Pointer Dereference

*
  • L
Inefficient Regular Expression Complexity

*
  • L
Reachable Assertion

*
  • H
Out-of-bounds Read

*
  • M
Buffer Overflow

*
  • M
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

*
  • L
Access of Uninitialized Pointer

*
  • M
Incorrect Execution-Assigned Permissions

*
  • M
Buffer Overflow

*
  • M
Out-of-bounds Read

*
  • M
Directory Traversal

*
  • M
Buffer Overflow

*
  • M
Out-of-bounds Read

*
  • L
Stack-based Buffer Overflow

*
  • M
Expired Pointer Dereference

*
  • L
Double Free

*
  • M
OS Command Injection

*
  • M
Algorithmic Complexity

*
  • L
Out-of-bounds Read

*
  • M
Memory Leak

*
  • M
Memory Leak

*
  • M
Improper Validation of Specified Type of Input

*
  • M
Buffer Overflow

*
  • H
Link Following

*
  • L
Improper Validation of Specified Quantity in Input

*
  • L
NULL Pointer Dereference

*
  • L
Out-of-bounds Write

*
  • M
Incorrect Calculation of Buffer Size

*
  • L
Missing Required Cryptographic Step

*
  • L
Improper Validation of Specified Type of Input

*
  • M
Uncontrolled Recursion

*
  • M
Improper Handling of Parameters

*
  • L
NULL Pointer Dereference

*
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • H
Buffer Overflow

*
  • L
Stack-based Buffer Overflow

*
  • H
Improper Handling of Highly Compressed Data (Data Amplification)

*
  • H
Improper Handling of Highly Compressed Data (Data Amplification)

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • L
Use of Uninitialized Resource

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • L
Integer Overflow or Wraparound

*
  • M
Uncontrolled Recursion

*
  • L
Resource Exhaustion

*
  • L
Uncontrolled Recursion

*
  • M
Use of Uninitialized Resource

*
  • L
Buffer Overflow

*
  • M
Out-of-bounds Read

*
  • M
Reachable Assertion

*
  • M
Integer Underflow

*
  • M
Reachable Assertion

*
  • M
Reachable Assertion

*
  • M
Out-of-bounds Read

*
  • M
Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

*
  • M
Resource Exhaustion

*
  • M
Integer Overflow or Wraparound

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Write

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Read

*
  • L
Stack-based Buffer Overflow

*
  • L
Out-of-bounds Read

*
  • L
NULL Pointer Dereference

*
  • H
Out-of-Bounds

*
  • M
Information Exposure

*
  • M
Use After Free

*
  • M
Integer Overflow or Wraparound

*
  • H
Improper Input Validation

*
  • H
Resource Exhaustion

*
  • M
Out-of-bounds Read

*
  • H
Out-of-bounds Read

*
  • M
Out-of-bounds Read

*
  • M
Unrestricted Externally Accessible Lock

*
  • M
Improper Use of Validation Framework

*
  • L
Algorithmic Complexity

*
  • H
Out-of-bounds Write

*
  • M
Out-of-bounds Read

*
  • M
Integer Overflow or Wraparound

*
  • M
Incorrect Calculation of Buffer Size

*
  • M
CVE-2025-61662

*
  • M
Expired Pointer Dereference

*
  • M
Expired Pointer Dereference

*
  • M
Expired Pointer Dereference

*
  • M
Expired Pointer Dereference

*
  • M
NULL Pointer Dereference

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Resource Exhaustion

*
  • M
Stack-based Buffer Overflow

*
  • M
Acceptance of Extraneous Untrusted Data With Trusted Data

*
  • H
Resource Exhaustion

*
  • H
Improper Verification of Cryptographic Signature

*
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

*
  • L
Out-of-bounds Read

*
  • L
Unchecked Return Value

*
  • M
Improper Validation of Specified Quantity in Input

*
  • L
Use of Uninitialized Resource

*
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • L
Buffer Access with Incorrect Length Value

*
  • L
Out-of-bounds Read

*
  • H
Improper Privilege Management

*
  • L
Out-of-bounds Read

*
  • L
Out-of-bounds Write

*
  • L
Out-of-bounds Read

*
  • M
Improper Neutralization of Null Byte or NUL Character

*
  • M
Failure to Sanitize Special Element

*
  • M
Use After Free

*
  • L
Out-of-bounds Read

*
  • M
Out-of-bounds Write

*
  • M
Improper Check for Unusual or Exceptional Conditions

*
  • M
Out-of-bounds Write

*
  • M
Information Exposure

*
  • M
Out-of-bounds Read

*
  • M
Expired Pointer Dereference

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • M
Out-of-bounds Read

*
  • M
NULL Pointer Dereference

*
  • H
Improper Authentication

*
  • L
Memory Leak

*
  • M
Unchecked Input for Loop Condition

*
  • H
Out-of-bounds Read

*
  • H
Expired Pointer Dereference

*
  • M
Buffer Overflow

*
  • L
Reachable Assertion

*
  • M
Integer Overflow or Wraparound

*
  • L
External Control of System or Configuration Setting

*
  • M
NULL Pointer Dereference

*
  • M
Double Free

*
  • M
Insufficiently Protected Credentials

*
  • H
Acceptance of Extraneous Untrusted Data With Trusted Data

*
  • M
Directory Traversal

*
  • H
Numeric Truncation Error

*
  • M
Directory Traversal

*
  • L
Arbitrary Argument Injection

*
  • M
Directory Traversal

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Write

*
  • H
Use After Free

*
  • M
Double Free

*
  • M
Improper Certificate Validation

*
  • M
NULL Pointer Dereference

*
  • M
Heap-based Buffer Overflow

*
  • M
OS Command Injection

*
  • H
Arbitrary Argument Injection

*
  • H
CRLF Injection

*
  • M
Buffer Overflow

*
  • M
Incorrect Calculation

*
  • M
Return of Wrong Status Code

*
  • L
Use After Free

*
  • M
Double Free

*
  • H
Incorrect Authorization

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Out-of-bounds Read

*
  • M
Uncontrolled Recursion

*
  • L
Missing Release of Resource after Effective Lifetime

*
  • L
Stack-based Buffer Overflow

*
  • M
Directory Traversal

*
  • M
Out-of-bounds Write

*
  • L
Integer Overflow or Wraparound

*
  • L
Heap-based Buffer Overflow

*
  • L
Out-of-bounds Read

*
  • H
Integer Overflow or Wraparound

*
  • L
Out-of-bounds Write

*
  • L
Out-of-bounds Read

*
  • M
Uncontrolled Search Path Element

*
  • M
Race Condition

*
  • M
Stack-based Buffer Overflow

*
  • M
Out-of-Bounds

*
  • M
Out-of-Bounds

*
  • M
Buffer Overflow

*
  • M
Buffer Over-read

*
  • M
Integer Overflow or Wraparound

*
  • M
Untrusted Search Path

*
  • M
Out-of-bounds Write

*
  • M
Incorrect Privilege Assignment

*
  • M
Missing Authentication for Critical Function

*
  • M
Integer Overflow or Wraparound

*
  • M
Out-of-bounds Read

*
  • M
Reversible One-Way Hash

*
  • M
Expected Behavior Violation

*
  • M
Out-of-bounds Read

*
  • M
Return of Wrong Status Code

*
  • L
Missing Release of Resource after Effective Lifetime

*
  • H
NULL Pointer Dereference

*
  • M
Uncontrolled Recursion

*
  • M
Arbitrary Argument Injection

*
  • H
Use After Free

*
  • H
Use After Free

*
  • H
Out-of-bounds Write

*
  • M
Use of Uninitialized Resource

*
  • H
Buffer Overflow

*
  • M
Information Exposure

*
  • M
Unchecked Return Value

*
  • L
NULL Pointer Dereference

*
  • H
Directory Traversal

*
  • H
Out-of-bounds Write

*
  • M
Use After Free

*
  • H
Stack-based Buffer Overflow

*
  • M
Trust Boundary Violation

*
  • M
Improper Update of Reference Count

*
  • M
Out-of-bounds Write

*
  • M
Unchecked Return Value

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Write

*
  • H
Use After Free

*
  • M
Out-of-bounds Write

*
  • L
Use After Free

*
  • L
NULL Pointer Dereference

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Write

*
  • M
Detection of Error Condition Without Action

*
  • L
Out-of-Bounds

*
  • L
Out-of-Bounds

*
  • L
Missing Release of Resource after Effective Lifetime

*
  • L
Missing Release of Resource after Effective Lifetime

*
  • L
Missing Release of Resource after Effective Lifetime

*
  • H
Resource Exhaustion

*
  • M
Out-of-bounds Write

*
  • H
Out-of-bounds Write

*
  • M
Incorrect Calculation of Buffer Size

*
  • H
Resource Exhaustion

*
  • M
Algorithmic Complexity

*
  • M
Algorithmic Complexity

*
  • M
Use After Free

*
  • M
Inappropriate Encoding for Output Context

*
  • M
Information Exposure

*
  • M
Directory Traversal

*
  • L
Inappropriate Encoding for Output Context

*
  • M
Detection of Error Condition Without Action

*
  • L
Heap-based Buffer Overflow

*
  • H
Use of Uninitialized Resource

*
  • M
Race Condition

*
  • L
Improper Neutralization

*
  • L
Out-of-bounds Write

*
  • L
Covert Timing Channel

*
  • L
Improper Check for Unusual or Exceptional Conditions

*
  • M
Directory Traversal

*
  • H
Symlink Following

*
  • L
Insecure Default Initialization of Resource

*
  • M
NULL Pointer Dereference

*
  • M
Out-of-Bounds

*
  • L
Information Exposure

*
  • M
Insecure Temporary File

*
  • M
Use of Insufficiently Random Values

*
  • L
Comparison Using Wrong Factors

*
  • M
Symlink Following

*
  • M
Small Space of Random Values

*
  • H
Improper Authentication

*
  • L
Improper Certificate Validation

*
  • L
Use After Free

*
  • M
Unchecked Input for Loop Condition

*
  • M
Improper Input Validation

*
  • H
Out-of-bounds Write

*
  • M
Improper Finite State Machines (FSMs) in Hardware Logic

*
  • M
Improper Certificate Validation

*
  • M
Heap-based Buffer Overflow

*
  • M
Integer Overflow or Wraparound

*
  • M
Integer Overflow or Wraparound

*
  • M
Integer Overflow or Wraparound

*
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • L
Directory Traversal

*
  • L
Heap-based Buffer Overflow

*
  • M
Double Free

*
  • L
Heap-based Buffer Overflow

*
  • L
Use After Free

*
  • L
Use After Free

*
  • H
Use After Free

*
  • L
Double Free

*
  • L
NULL Pointer Dereference

*
  • L
Heap-based Buffer Overflow

*
  • L
Out-of-bounds Read

*
  • M
Improper Synchronization

*
  • H
CVE-2024-4076

*
  • H
Resource Exhaustion

*
  • H
Resource Exhaustion

*
  • H
Arbitrary Code Injection

*
  • M
Race Condition

*
  • H
Race Condition

*
  • L
Information Exposure

*
  • M
CVE-2024-26602

*