Security update provided in Brocade ASCG 3.4.0b for container-tools (CVE-2024-24785, CVE-2025-61729, CVE-2025-65637)
37500
19 May 2026
19 May 2026
CLOSED
MEDIUM
Varies
CVE-2024-24785, CVE-2025-61729, CVE-2025-65637
| Brocade Security Advisory ID | BSA-2026-3513 |
| Component | container-tools |
Summary
Security update provided in Brocade ASCG before ASCG 3.4.0b
- CVE-2024-24785
Title: Errors returned from JSON marshaling may break template escaping in html/template
Description
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
- CVE-2025-61729
Title: Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Description
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
- CVE-2025-65637
Description
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
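The scanner limit behind CVE-2025-65637, shown with the Go standard library only as an added example (not logrus code and not part of the advisory): a default `bufio.Scanner` stops with "token too long" on a newline-free line over 64 KiB, while a chunking split function keeps delivering data. The names `scan` and `splitChunked` and the 32 KiB `maxChunk` value are assumptions of this example.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"strings"
)

// maxChunk is an assumed chunk size, below bufio's default 64 KiB token limit.
const maxChunk = 32 * 1024

// scan counts the tokens and payload bytes a Scanner delivers with the given split function.
func scan(input string, split bufio.SplitFunc) (tokens, total int, err error) {
	sc := bufio.NewScanner(strings.NewReader(input))
	sc.Split(split)
	for sc.Scan() {
		tokens++
		total += len(sc.Bytes())
	}
	return tokens, total, sc.Err()
}

// splitChunked splits on newlines but never lets a token exceed maxChunk bytes.
func splitChunked(data []byte, atEOF bool) (int, []byte, error) {
	window := data
	if len(window) > maxChunk {
		window = window[:maxChunk]
	}
	if i := bytes.IndexByte(window, '\n'); i >= 0 {
		return i + 1, window[:i], nil // complete line, newline dropped
	}
	if len(data) >= maxChunk {
		return maxChunk, window, nil // oversized line: hand back one chunk
	}
	if atEOF && len(data) > 0 {
		return len(data), data, nil // final unterminated line
	}
	return 0, nil, nil // need more data
}

func main() {
	// Constructed input: one 70 KiB line with no newline inside it, then a normal line.
	payload := strings.Repeat("A", 70*1024) + "\nnext line\n"
	n, _, err := scan(payload, bufio.ScanLines)
	fmt.Printf("default split: %d tokens, err=%v\n", n, err)
	n, total, err := scan(payload, splitChunked)
	fmt.Printf("chunked split: %d tokens, %d bytes, err=%v\n", n, total, err)
}
```

With the default split function nothing is delivered and the line that follows the oversized one is lost as well, which is why a log pipe fed by such a scanner stops working after a single large write.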
Products Affected
- Brocade ASCG before ASCG 3.4.0b
Solution
- Security update provided in Brocade ASCG 3.4.0b
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | 5/19/2026 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.