1. Home
  2. Security Advisories
  3. Go
  4. GO-2024-2492

[GO-2024-2492] Panic in github.com/moby/buildkit

Severity Medium
Affected Packages 8
Fixed Packages 8
CVEs 1
Info Packages References Vulnerabilities

A malicious BuildKit client or frontend could craft a request that could lead to
a BuildKit daemon crashing with a panic.

Package Affected Version
pkg:golang/github.com/moby/buildkit/util/tracing/transform >= 0.12.4, < 0.12.5
pkg:golang/github.com/moby/buildkit/sourcepolicy >= 0.12.4, < 0.12.5
pkg:golang/github.com/moby/buildkit/solver/llbsolver >= 0.12.4, < 0.12.5
pkg:golang/github.com/moby/buildkit/frontend/gateway/client >= 0.12.4, < 0.12.5
pkg:golang/github.com/moby/buildkit/frontend/gateway >= 0.12.4, < 0.12.5
pkg:golang/github.com/moby/buildkit/exporter/containerimage/exptypes >= 0.12.4, < 0.12.5
pkg:golang/github.com/moby/buildkit/exporter/containerimage >= 0.12.4, < 0.12.5
pkg:golang/github.com/moby/buildkit/control >= 0.12.4, < 0.12.5
Package Fixed Version
pkg:golang/github.com/moby/buildkit/util/tracing/transform = 0.12.5
pkg:golang/github.com/moby/buildkit/sourcepolicy = 0.12.5
pkg:golang/github.com/moby/buildkit/solver/llbsolver = 0.12.5
pkg:golang/github.com/moby/buildkit/frontend/gateway/client = 0.12.5
pkg:golang/github.com/moby/buildkit/frontend/gateway = 0.12.5
pkg:golang/github.com/moby/buildkit/exporter/containerimage/exptypes = 0.12.5
pkg:golang/github.com/moby/buildkit/exporter/containerimage = 0.12.5
pkg:golang/github.com/moby/buildkit/control = 0.12.5
ID
GO-2024-2492
Severity
medium
Severity from
CVE-2024-23650
URL
https://pkg.go.dev/vuln/GO-2024-2492
Published
2024-02-07T23:15:34
(7 months ago)
Modified
2024-05-14T19:19:00
(4 months ago)
Other Advisories
Source # ID Name URL
Security Advisory https://github.com/advisories/GHSA-9p26-698r-w4hx
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Fixed pkg:golang/github.com/moby/buildkit/util/tracing/transform github.com/moby/buildkit/util/tracing transform = 0.12.5
Affected pkg:golang/github.com/moby/buildkit/util/tracing/transform github.com/moby/buildkit/util/tracing transform >= 0.12.4 < 0.12.5
Fixed pkg:golang/github.com/moby/buildkit/sourcepolicy github.com/moby/buildkit sourcepolicy = 0.12.5
Affected pkg:golang/github.com/moby/buildkit/sourcepolicy github.com/moby/buildkit sourcepolicy >= 0.12.4 < 0.12.5
Fixed pkg:golang/github.com/moby/buildkit/solver/llbsolver github.com/moby/buildkit/solver llbsolver = 0.12.5
Affected pkg:golang/github.com/moby/buildkit/solver/llbsolver github.com/moby/buildkit/solver llbsolver >= 0.12.4 < 0.12.5
Fixed pkg:golang/github.com/moby/buildkit/frontend/gateway/client github.com/moby/buildkit/frontend/gateway client = 0.12.5
Affected pkg:golang/github.com/moby/buildkit/frontend/gateway/client github.com/moby/buildkit/frontend/gateway client >= 0.12.4 < 0.12.5
Fixed pkg:golang/github.com/moby/buildkit/frontend/gateway github.com/moby/buildkit/frontend gateway = 0.12.5
Affected pkg:golang/github.com/moby/buildkit/frontend/gateway github.com/moby/buildkit/frontend gateway >= 0.12.4 < 0.12.5
Fixed pkg:golang/github.com/moby/buildkit/exporter/containerimage/exptypes github.com/moby/buildkit/exporter/containerimage exptypes = 0.12.5
Affected pkg:golang/github.com/moby/buildkit/exporter/containerimage/exptypes github.com/moby/buildkit/exporter/containerimage exptypes >= 0.12.4 < 0.12.5
Fixed pkg:golang/github.com/moby/buildkit/exporter/containerimage github.com/moby/buildkit/exporter containerimage = 0.12.5
Affected pkg:golang/github.com/moby/buildkit/exporter/containerimage github.com/moby/buildkit/exporter containerimage >= 0.12.4 < 0.12.5
Fixed pkg:golang/github.com/moby/buildkit/control github.com/moby/buildkit control = 0.12.5
Affected pkg:golang/github.com/moby/buildkit/control github.com/moby/buildkit control >= 0.12.4 < 0.12.5
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date