wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
Summary
wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory. Red Hat rates this low (CVSS 5.9). Weakness: CWE-908. Affected package(s): insights-proxy/insights-proxy-container-rhel9:1773685509, rhui5/rhua-rhel9:1773670137, glibc, discovery/discovery-server-rhel9:1773273243, discovery/discovery-ui-rhel9:1773273070, glibc-main. Resolved in Red Hat advisory RHSA-2026:18139 — update the affected packages (`sudo dnf update`).
- insights-proxy/insights-proxy-container-rhel9:1773685509
- rhui5/rhua-rhel9:1773670137
- glibc-0:2.34-231.el9_7.10
- discovery/discovery-server-rhel9:1773273243
- discovery/discovery-ui-rhel9:1773273070
- glibc-main-2.42-11.1.hum1
- costmanagement/costmanagement-metrics-rhel9-operator:1770836349
- glibc-0:2.28-251.el8_10.31
- rhui5/cds-rhel9:1773670073
- rhui5/haproxy-rhel9:1773672059
- rhceph/rhceph-8-rhel9:1774002867
- rhui5/installer-rhel9:1773668803
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:18139
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:18139 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.