CVE-2024-3727
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-3727
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3727.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-3727
- Aliases
- Related
- Published
- 2024-05-14T15:42:07Z
- Modified
- 2024-09-18T03:26:25.883239Z
- Summary
- [none]
- Details
-
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
- References
-
- https://access.redhat.com/errata/RHSA-2024:0045
- https://access.redhat.com/errata/RHSA-2024:4159
- https://access.redhat.com/errata/RHSA-2024:4613
- https://access.redhat.com/errata/RHSA-2024:4850
- https://access.redhat.com/errata/RHSA-2024:4960
- https://access.redhat.com/errata/RHSA-2024:5258
- https://access.redhat.com/errata/RHSA-2024:5951
- https://access.redhat.com/errata/RHSA-2024:6054
- https://access.redhat.com/errata/RHSA-2024:6708
- https://bugzilla.redhat.com/show_bug.cgi?id=2274767
- https://access.redhat.com/security/cve/CVE-2024-3727
- https://security-tracker.debian.org/tracker/CVE-2024-3727
Affected packages
Debian:11 / golang-github-containers-image
Package
- Name
- golang-github-containers-image
- Purl
- pkg:deb/debian/golang-github-containers-image?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.10.3-1
5.10.5-2
5.11.1-1
5.12.0-2
5.15.2-1
5.15.2-2
5.16.0-1
5.16.0-2
5.16.0-3
5.17.0-1
5.19.0-1
5.21.1-1
5.21.1-2
5.21.1-3
5.22.0-1
5.22.0-2
5.23.1-1
5.23.1-2
5.23.1-3
5.23.1-4
5.23.1+git20230116+3d22f4e96c53-1
5.25.0-1
5.25.0-2
5.25.0-3
5.25.0-4
5.25.0-5
5.25.0-6
5.25.0-7
5.25.0-8
5.25.0-9
5.25.0-10
5.25.0-11
5.25.0-12
5.26.1-1
5.26.1-2~bpo12+1
5.26.1-2
5.28.0-1
5.28.0-2
5.28.0-3
5.28.0-4
5.29.0-1
5.29.0-2
5.29.0-3
5.29.1-1
5.29.1-2
5.29.2-1
5.29.2-2
5.29.2-3
5.29.3-1
5.29.4-1
5.30.0-1
5.30.2-1
5.30.2-2
5.32.0-1
5.32.0-2
5.32.1-2
5.32.1-3
5.32.2-3
5.32.2-4
Debian:12 / golang-github-containers-image
Package
- Name
- golang-github-containers-image
- Purl
- pkg:deb/debian/golang-github-containers-image?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.23.1-4
5.23.1+git20230116+3d22f4e96c53-1
5.25.0-1
5.25.0-2
5.25.0-3
5.25.0-4
5.25.0-5
5.25.0-6
5.25.0-7
5.25.0-8
5.25.0-9
5.25.0-10
5.25.0-11
5.25.0-12
5.26.1-1
5.26.1-2~bpo12+1
5.26.1-2
5.28.0-1
5.28.0-2
5.28.0-3
5.28.0-4
5.29.0-1
5.29.0-2
5.29.0-3
5.29.1-1
5.29.1-2
5.29.2-1
5.29.2-2
5.29.2-3
5.29.3-1
5.29.4-1
5.30.0-1
5.30.2-1
5.30.2-2
5.32.0-1
5.32.0-2
5.32.1-2
5.32.1-3
5.32.2-3
5.32.2-4
Debian:13 / golang-github-containers-image
Package
- Name
- golang-github-containers-image
- Purl
- pkg:deb/debian/golang-github-containers-image?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.29.3-1
Affected versions
5.*
5.23.1-4
5.23.1+git20230116+3d22f4e96c53-1
5.25.0-1
5.25.0-2
5.25.0-3
5.25.0-4
5.25.0-5
5.25.0-6
5.25.0-7
5.25.0-8
5.25.0-9
5.25.0-10
5.25.0-11
5.25.0-12
5.26.1-1
5.26.1-2~bpo12+1
5.26.1-2
5.28.0-1
5.28.0-2
5.28.0-3
5.28.0-4
5.29.0-1
5.29.0-2
5.29.0-3
5.29.1-1
5.29.1-2
5.29.2-1
5.29.2-2
5.29.2-3