{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-11T22:58:48Z",
  "bugzilla" : {
    "description" : "yauzl: yauzl: Denial of Service vulnerability in zip file processing",
    "id" : "2446882",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2446882"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-193",
  "details" : [ "yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1.", "A flaw was found in yauzl (Yet Another Unzip Library), a component used in Node.js applications for handling zip files. A remote attacker can exploit an error in how the library processes specific timestamp information within a crafted zip file. This can lead to a denial of service (DoS), causing affected applications to crash and become unavailable." ],
  "statement" : "Moderate: This flaw in yauzl can lead to a denial of service in Node.js applications that process zip file uploads and specifically call `entry.getLastModDate()` on parsed entries. Red Hat products that utilize the affected `yauzl` library in this manner are susceptible to a process crash when handling a specially crafted zip file containing a malformed NTFS extra field.",
  "affected_release" : [ {
    "product_name" : "Red Hat Developer Hub 1.10",
    "release_date" : "2026-06-09T00:00:00Z",
    "advisory" : "RHSA-2026:24841",
    "cpe" : "cpe:/a:redhat:rhdh:1.10::el9",
    "package" : "rhdh/rhdh-hub-rhel9:1780930740"
  } ],
  "package_state" : [ {
    "product_name" : "Cryostat 4",
    "fix_state" : "Fix deferred",
    "package_name" : "cryostat-openshift-console-plugin-npm",
    "cpe" : "cpe:/a:redhat:cryostat:4"
  }, {
    "product_name" : "Node HealthCheck Operator",
    "fix_state" : "Fix deferred",
    "package_name" : "workload-availability/node-remediation-console-rhel8",
    "cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop",
    "fix_state" : "Fix deferred",
    "package_name" : "rh-podman-desktop.git",
    "cpe" : "cpe:/a:redhat:podman_desktop:1"
  }, {
    "product_name" : "Red Hat Developer Hub",
    "fix_state" : "Fix deferred",
    "package_name" : "rhdh/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor",
    "cpe" : "cpe:/a:redhat:rhdh:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "rust",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "rust",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Fix deferred",
    "package_name" : "yauzl",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "fix_state" : "Fix deferred",
    "package_name" : "yauzl",
    "cpe" : "cpe:/a:redhat:jbosseapxp"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Fix deferred",
    "package_name" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Fix deferred",
    "package_name" : "odf4/mcg-core-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Fix deferred",
    "package_name" : "odf4/mcg-core-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Fix deferred",
    "package_name" : "devspaces/code-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  }, {
    "product_name" : "Red Hat Trusted Profile Analyzer",
    "fix_state" : "Fix deferred",
    "package_name" : "rhtpa/rhtpa-trustification-service-rhel9",
    "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2"
  }, {
    "product_name" : "Self-service automation portal 2",
    "fix_state" : "Fix deferred",
    "package_name" : "ansible-automation-platform/automation-portal",
    "cpe" : "cpe:/a:redhat:ansible_portal:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-31988\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31988\nhttps://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe\nhttps://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash\nhttps://www.npmjs.com/package/yauzl\nhttps://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser" ],
  "name" : "CVE-2026-31988",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}