Описание
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/noble | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| mantic | ignored | end of life, was needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 27.5.1-0ubuntu3 |
| esm-apps/focal | needed | |
| esm-apps/jammy | released | 27.5.1-0ubuntu3~22.04.2 |
| esm-apps/noble | released | 27.5.1-0ubuntu3~24.04.2 |
| focal | ignored | end of standard support, was needed |
| jammy | released | 27.5.1-0ubuntu3~22.04.2 |
| mantic | ignored | end of life, was needed |
| noble | released | 27.5.1-0ubuntu3~24.04.2 |
| oracular | ignored | end of life, was needed |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
EPSS
5.3 Medium
CVSS3