Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Primary rating from Vendor (https://github.com/ruby/net-imap).
CVSS VectorVendor: https://github.com/ruby/net-imap
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Summary
Two Net::IMAP commands, #id and #enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands.
Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon.
Details
When Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted (escaping quoted specials), they were not validated to prohibit CRLF sequences.
While Net::IMAP#enable does process its arguments for aliases, it does not validate them as valid atoms (or as a list of valid atoms). The #to_s value is sent verbatim.
Impact
This is expected to impact very few users: use of untrusted user input for either command is expected to be very uncommon.
The documentation for #enable explicitly warns that using any arguments that are not in the explicitly supported list may result in undocumented behavior. Using arbitrary untrusted user input for #enable will always be inappropriate.
Although client ID field values will most commonly be static and hardcoded, dynamic input sources may be used. For example, client ID fields may be set by configuration or version numbers. Using untrusted user inputs for client ID fields is expected to be uncommon. But any untrusted inputs to client ID can trivially exploit this vulnerability.
Untrusted inputs to either command may include a CRLF sequence followed by a new IMAP command (like DELETE mailbox). Although this does not directly enable data exfiltration, it could be combined with other attack vectors or knowledge of the target system's attributes, e.g.: shared mail folders or the application's installed response handlers.
Mitigation
Update to a version of net-imap which validates #id and #enable arguments.
Untrusted inputs should _never_ be used for #enable arguments.
If net-imap cannot be upgraded:
- do not use untrusted inputs for client ID field values
- or add validation that client ID field values must not contain any CR or LF bytes.
AnalysisAI
Command injection in Ruby's net-imap gem allows arbitrary IMAP protocol command injection via the Net::IMAP#id and Net::IMAP#enable methods when untrusted input is passed as arguments. The #id method fails to prohibit CRLF sequences in ID field value strings (despite correctly quoting other specials), while #enable passes argument .to_s values verbatim without validating them as legal IMAP atoms. An attacker who can influence these inputs can terminate the current IMAP command and append arbitrary subsequent IMAP commands such as DELETE mailbox. Rated 'moderate' by the maintainer; no public exploit identified at time of analysis and no CISA KEV listing.
Technical ContextAI
Net::IMAP is Ruby's standard library client for the Internet Message Access Protocol (RFC 3501), shipped as a standalone RubyGems package (pkg:rubygems/net-imap). The #id method implements the IMAP ID extension (RFC 2971), exchanging client/server identification metadata. The #enable method implements RFC 5161, activating optional IMAP capabilities. Both commands construct raw IMAP protocol strings sent over a TCP/TLS socket. The root cause (CWE-77 - Command Injection) is insufficient input neutralization: #id escapes quoted-string specials but omits CRLF validation, and #enable serializes arguments via .to_s without verifying they conform to the IMAP 'atom' token grammar. Because IMAP uses CRLF as a command terminator, an unvalidated CRLF sequence in either command's wire output allows a second, attacker-controlled command to be injected into the protocol stream.
RemediationAI
The primary fix is to upgrade net-imap to version 0.6.4.1 (for applications on the 0.6.x branch) or version 0.5.15 (for applications on the 0.5.x branch), as confirmed by the vendor advisory GHSA-46q3-7gv7-qmgg and the release at https://github.com/ruby/net-imap/releases/tag/v0.6.4.1. The fixes add validation that ID field values contain only permitted bytes (PRs #698 and #699) and that #enable arguments conform to the IMAP atom grammar. If upgrading is not immediately possible, the maintainer recommends two compensating controls: first, eliminate any use of untrusted user input as arguments to Net::IMAP#enable entirely - the documentation already designates this a misuse; second, for Net::IMAP#id, add application-level input validation that rejects any ID field value containing CR (0x0D) or LF (0x0A) bytes before passing them to the library. The trade-off of the second control is that it must be applied consistently at every call site; missing a single call site leaves the injection path open.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP7 | Affected |
| SUSE Linux Enterprise Desktop 15 SP7 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP7 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP7 | Affected |
| SUSE Linux Enterprise High Availability Extension 16.0 | Affected |
| SUSE Linux Enterprise High Availability Extension 16.1 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Module for Server Applications 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Affected |
| openSUSE Leap 16.0 | Affected |
| openSUSE Leap 16.0 | Affected |
| openSUSE Leap 16.0 | Affected |
| SUSE Linux Enterprise High Availability Extension 12 SP5 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP4 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP4 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP5 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP5 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Module for Server Applications 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Module for Server Applications 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Module for Server Applications 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5 | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Affected |
| SUSE Linux Enterprise Server 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4 | Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5 | Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected |
| SUSE Manager Proxy 4.3 | Not-Affected |
| SUSE Manager Proxy 4.3 | Not-Affected |
| SUSE Manager Proxy 4.3 | Affected |
| SUSE Manager Proxy LTS 4.3 | Not-Affected |
| SUSE Manager Proxy LTS 4.3 | Not-Affected |
| SUSE Manager Proxy LTS 4.3 | Affected |
| SUSE Manager Retail Branch Server 4.3 | Not-Affected |
| SUSE Manager Retail Branch Server 4.3 | Not-Affected |
| SUSE Manager Retail Branch Server 4.3 | Affected |
| SUSE Manager Retail Branch Server LTS 4.3 | Not-Affected |
| SUSE Manager Retail Branch Server LTS 4.3 | Not-Affected |
| SUSE Manager Retail Branch Server LTS 4.3 | Affected |
| SUSE Manager Server 4.3 | Not-Affected |
| SUSE Manager Server 4.3 | Not-Affected |
| SUSE Manager Server 4.3 | Affected |
| SUSE Manager Server LTS 4.3 | Not-Affected |
| SUSE Manager Server LTS 4.3 | Not-Affected |
| SUSE Manager Server LTS 4.3 | Affected |
| SUSE CaaS Platform 3.0 | Affected |
| SUSE CaaS Platform 4.0 | Not-Affected |
| SUSE CaaS Platform 4.0 | Not-Affected |
| SUSE CaaS Platform 4.0 | Affected |
| SUSE Enterprise Storage 6 | Not-Affected |
| SUSE Enterprise Storage 6 | Not-Affected |
| SUSE Enterprise Storage 6 | Affected |
| SUSE Enterprise Storage 7 | Not-Affected |
| SUSE Enterprise Storage 7 | Not-Affected |
| SUSE Enterprise Storage 7 | Affected |
| SUSE Enterprise Storage 7.1 | Not-Affected |
| SUSE Enterprise Storage 7.1 | Not-Affected |
| SUSE Enterprise Storage 7.1 | Affected |
| SUSE Linux Enterprise Desktop 12 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 | Affected |
| SUSE Linux Enterprise Desktop 12 SP1 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP1 | Affected |
| SUSE Linux Enterprise Desktop 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP2 | Affected |
| SUSE Linux Enterprise Desktop 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP3 | Affected |
| SUSE Linux Enterprise Desktop 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP4 | Affected |
| SUSE Linux Enterprise Desktop 15 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 | Affected |
| SUSE Linux Enterprise Desktop 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP1 | Affected |
| SUSE Linux Enterprise Desktop 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP2 | Affected |
| SUSE Linux Enterprise Desktop 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP3 | Affected |
| SUSE Linux Enterprise Desktop 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP4 | Affected |
| SUSE Linux Enterprise Desktop 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP5 | Affected |
| SUSE Linux Enterprise Desktop 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP6 | Affected |
| SUSE Linux Enterprise High Availability Extension 12 SP4 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP1 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP1 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP2 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP2 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP3 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP3 | Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP6 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Affected |
| SUSE Linux Enterprise Micro 5.0 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Module for Server Applications 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Module for Server Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Server Applications 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT | Not-Affected |
| SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT | Affected |
| SUSE Linux Enterprise Real Time 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP2 | Affected |
| SUSE Linux Enterprise Real Time 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP3 | Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Affected |
| SUSE Linux Enterprise Server 12 | Not-Affected |
| SUSE Linux Enterprise Server 12 | Affected |
| SUSE Linux Enterprise Server 12 SP1 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP1 | Affected |
| SUSE Linux Enterprise Server 12 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP1-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2 | Affected |
| SUSE Linux Enterprise Server 12 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2-BCL | Affected |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | Affected |
| SUSE Linux Enterprise Server 12 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3 | Affected |
| SUSE Linux Enterprise Server 12 SP3-BCL | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3-BCL | Affected |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | Affected |
| SUSE Linux Enterprise Server 12 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4 | Affected |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 12-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12-LTSS | Affected |
| SUSE Linux Enterprise Server 15 | Not-Affected |
| SUSE Linux Enterprise Server 15 | Affected |
| SUSE Linux Enterprise Server 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1 | Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2 | Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3 | Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise Server 15-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15-LTSS | Affected |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Affected |
| SUSE Manager Proxy 4.0 | Not-Affected |
| SUSE Manager Proxy 4.0 | Not-Affected |
| SUSE Manager Proxy 4.0 | Affected |
| SUSE Manager Proxy 4.1 | Not-Affected |
| SUSE Manager Proxy 4.1 | Not-Affected |
| SUSE Manager Proxy 4.1 | Affected |
| SUSE Manager Proxy 4.2 | Not-Affected |
| SUSE Manager Proxy 4.2 | Not-Affected |
| SUSE Manager Proxy 4.2 | Affected |
| SUSE Manager Retail Branch Server 4.0 | Not-Affected |
| SUSE Manager Retail Branch Server 4.0 | Not-Affected |
| SUSE Manager Retail Branch Server 4.0 | Affected |
| SUSE Manager Retail Branch Server 4.1 | Not-Affected |
| SUSE Manager Retail Branch Server 4.1 | Not-Affected |
| SUSE Manager Retail Branch Server 4.1 | Affected |
| SUSE Manager Retail Branch Server 4.2 | Not-Affected |
| SUSE Manager Retail Branch Server 4.2 | Not-Affected |
| SUSE Manager Retail Branch Server 4.2 | Affected |
| SUSE Manager Server 4.0 | Not-Affected |
| SUSE Manager Server 4.0 | Not-Affected |
| SUSE Manager Server 4.0 | Affected |
| SUSE Manager Server 4.1 | Not-Affected |
| SUSE Manager Server 4.1 | Not-Affected |
| SUSE Manager Server 4.1 | Affected |
| SUSE Manager Server 4.2 | Not-Affected |
| SUSE Manager Server 4.2 | Not-Affected |
| SUSE Manager Server 4.2 | Affected |
| SUSE OpenStack Cloud 7 | Not-Affected |
| SUSE OpenStack Cloud 7 | Affected |
| SUSE OpenStack Cloud 8 | Not-Affected |
| SUSE OpenStack Cloud 8 | Affected |
| SUSE OpenStack Cloud 9 | Not-Affected |
| SUSE OpenStack Cloud 9 | Affected |
| SUSE OpenStack Cloud Crowbar 8 | Not-Affected |
| SUSE OpenStack Cloud Crowbar 8 | Affected |
| SUSE OpenStack Cloud Crowbar 9 | Not-Affected |
| SUSE OpenStack Cloud Crowbar 9 | Affected |
| openSUSE Leap 15.3 | Not-Affected |
| openSUSE Leap 15.3 | Not-Affected |
| openSUSE Leap 15.3 | Not-Affected |
| openSUSE Leap 15.3 | Affected |
| openSUSE Leap 15.3 | Affected |
| openSUSE Leap 15.4 | Not-Affected |
| openSUSE Leap 15.4 | Not-Affected |
| openSUSE Leap 15.4 | Not-Affected |
| openSUSE Leap 15.4 | Affected |
| openSUSE Leap 15.4 | Affected |
| openSUSE Leap 15.5 | Not-Affected |
| openSUSE Leap 15.5 | Not-Affected |
| openSUSE Leap 15.5 | Not-Affected |
| openSUSE Leap 15.5 | Affected |
| openSUSE Leap 15.5 | Affected |
| openSUSE Leap 15.6 | Not-Affected |
| openSUSE Leap 15.6 | Not-Affected |
| openSUSE Leap 15.6 | Not-Affected |
| openSUSE Leap 15.6 | Affected |
| openSUSE Leap 15.6 | Affected |
| suse/rmt-server | Not-Affected |
| bci/ruby suse/rmt-server | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38353
GHSA-46q3-7gv7-qmgg