CVE-2024-9341

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-9341

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9341.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-9341

Aliases

Related

Published

2024-10-01T19:15:09Z

Modified

2024-10-18T05:49:08.356415Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

References

Affected packages

Debian:11 / golang-github-containers-common

Package

Name: golang-github-containers-common
Purl: pkg:deb/debian/golang-github-containers-common?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.33.4+ds1-1

0.33.4+ds1-1+deb11u1

0.33.4+ds1-1+deb11u2

0.34.2+ds1-1

0.35.4+ds1-1

0.36.0+ds1-1

0.38.5+ds2-1

0.38.9+ds1-1

0.38.12+ds1-1

0.38.12+ds1-2

0.38.16+ds1-1

0.42.1+ds1-1

0.42.1+ds1-2

0.44.0+ds1-1

0.44.3+ds1-1

0.44.3+ds1-2

0.44.4+ds1-1

0.44.5+ds1-1

0.46.0+ds1-1

0.47.2+ds1-1

0.48.0+ds1-1

0.48.0+ds1-2

0.49.1+ds1-1

0.50.1+ds1-1

0.50.1+ds1-2

0.50.1+ds1-3

0.50.1+ds1-4

0.51.0+ds1-1

0.52.0+ds1-1

0.52.0+ds1-2

0.55.4+ds1-1

0.55.4+ds1-2

0.55.4+ds1-3

0.56.0+ds1-1

0.56.0+ds1-2

0.56.0+ds1-3

0.56.0+ds1-4

0.57.0+ds1-1

0.57.0+ds1-2

0.57.2+ds1-1

0.57.2+ds1-2

0.57.4+ds1-1

0.57.4+ds1-2

0.57.4+ds1-3

0.57.4+ds1-4

0.58.0+ds1-1

0.58.2+ds1-2

0.58.2+ds1-3

0.60.0+ds1-1

0.60.1+ds1-1

0.60.1+ds1-3

0.60.2+ds1-1

0.60.2+ds1-2

0.60.3+ds1-3

0.60.4+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-github-containers-common

Package

Name: golang-github-containers-common
Purl: pkg:deb/debian/golang-github-containers-common?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.50.1+ds1-4

0.51.0+ds1-1

0.52.0+ds1-1

0.52.0+ds1-2

0.55.4+ds1-1

0.55.4+ds1-2

0.55.4+ds1-3

0.56.0+ds1-1

0.56.0+ds1-2

0.56.0+ds1-3

0.56.0+ds1-4

0.57.0+ds1-1

0.57.0+ds1-2

0.57.2+ds1-1

0.57.2+ds1-2

0.57.4+ds1-1

0.57.4+ds1-2

0.57.4+ds1-3

0.57.4+ds1-4

0.58.0+ds1-1

0.58.2+ds1-2

0.58.2+ds1-3

0.60.0+ds1-1

0.60.1+ds1-1

0.60.1+ds1-3

0.60.2+ds1-1

0.60.2+ds1-2

0.60.3+ds1-3

0.60.4+ds1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-github-containers-common

Package

Name: golang-github-containers-common
Purl: pkg:deb/debian/golang-github-containers-common?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.60.4+ds1-1

Affected versions

0.*

0.50.1+ds1-4

0.51.0+ds1-1

0.52.0+ds1-1

0.52.0+ds1-2

0.55.4+ds1-1

0.55.4+ds1-2

0.55.4+ds1-3

0.56.0+ds1-1

0.56.0+ds1-2

0.56.0+ds1-3

0.56.0+ds1-4

0.57.0+ds1-1

0.57.0+ds1-2

0.57.2+ds1-1

0.57.2+ds1-2

0.57.4+ds1-1

0.57.4+ds1-2

0.57.4+ds1-3

0.57.4+ds1-4

0.58.0+ds1-1

0.58.2+ds1-2

0.58.2+ds1-3

0.60.0+ds1-1

0.60.1+ds1-1

0.60.1+ds1-3

0.60.2+ds1-1

0.60.2+ds1-2

0.60.3+ds1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}