exploitDog

CVE-2024-23650

Published: 31 Jan 2024
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.

A vulnerability was found in the Moby Builder Toolkit. A malicious BuildKit client or any frontend that can craft a request could lead to the BuildKit daemon crashing with a panic due to the lack of input validation. A frontend is usually specified as the #syntax line on a Dockerfile or with the --frontend flag when using the buildctl build command.

Mitigation

Avoid using untrusted input for the client or frontend syntax to reduce exposure to this vulnerability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Developer Tools and Services | odo | Fix deferred | | |
| OpenShift Serverless | openshift-serverless-1/client-kn-rhel8 | Not affected | | |
| OpenShift Serverless | openshift-serverless-clients | Not affected | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-cni-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 1.2 | openshift-clients | Not affected | | |
| Red Hat Enterprise Linux 9 | buildah | Not affected | | |
| Red Hat Enterprise Linux 9 | podman | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift-clients | Affected | | |
| Red Hat OpenShift Dev Spaces | devspaces/traefik-rhel8 | Affected | | |
| Red Hat Quay 3 | quay/quay-builder-rhel8 | Affected | | |

Additional information

Status: Moderate
Defect: CWE-754
https://bugzilla.redhat.com/show_bug.cgi?id=2262272 (moby/buildkit: Possible race condition with accessing subpaths from cache mounts)

EPSS: 0.0011 (Low), percentile: 29%

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 2 years ago

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.

CVSS3: 5.3
nvd
about 2 years ago

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.

CVSS3: 5.3
msrc
about 1 month ago

BuildKit possible panic when incorrect parameters sent from frontend

CVSS3: 5.3
github
about 2 years ago

BuildKit vulnerable to possible panic when incorrect parameters sent from frontend

suse-cvrf
about 1 year ago

Security update for docker-stable
