Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-f748-7hpg-88ch

Опубликовано: 29 окт. 2024
Источник: github
Github: Прошло ревью
CVSS4: 4.8
CVSS3: 4.1

Описание

NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

Ссылки

Пакеты

Наименование

github.com/NVIDIA/nvidia-container-toolkit

go
Затронутые версииВерсия исправления

< 1.16.2

1.16.2

EPSS

Процентиль: 70%
0.00634
Низкий

4.8 Medium

CVSS4

4.1 Medium

CVSS3

CVE ID

CVE-2024-0133

Дефекты

CWE-367

Связанные уязвимости

redhat логотип

CVE-2024-0133

CVSS3: 3.4
redhat
около 1 года назад

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

nvd логотип

CVE-2024-0133

CVSS3: 4.1
nvd
около 1 года назад

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

msrc логотип

CVE-2024-0133

CVSS3: 3.4
msrc
около 1 года назад

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

fstec логотип

BDU:2024-09498

CVSS3: 4.1
fstec
почти 2 года назад

Уязвимость программного обеспечения для создания и запуска контейнеров NVIDIA Container Toolkit и программного средства для управления ресурсами NVIDIA GPU Operator, позволяющая нарушителю изменить произвольные данные

redos логотип

ROS-20251030-02

CVSS3: 5.5
redos
около 1 месяца назад

Множественные уязвимости nvidia-container-toolkit

EPSS

Процентиль: 70%
0.00634
Низкий

4.8 Medium

CVSS4

4.1 Medium

CVSS3

CVE ID

CVE-2024-0133

Дефекты

CWE-367