[GO-2024-2492] Panic in github.com/moby/buildkit
Severity: Medium
Affected Packages: 8
Fixed Packages: 8
CVEs: 1
A malicious BuildKit client or frontend could craft a request that could lead to
a BuildKit daemon crashing with a panic.
Package | Affected Version |
---|---|
pkg:golang/github.com/moby/buildkit/util/tracing/transform | >= 0.12.4, < 0.12.5 |
pkg:golang/github.com/moby/buildkit/sourcepolicy | >= 0.12.4, < 0.12.5 |
pkg:golang/github.com/moby/buildkit/solver/llbsolver | >= 0.12.4, < 0.12.5 |
pkg:golang/github.com/moby/buildkit/frontend/gateway/client | >= 0.12.4, < 0.12.5 |
pkg:golang/github.com/moby/buildkit/frontend/gateway | >= 0.12.4, < 0.12.5 |
pkg:golang/github.com/moby/buildkit/exporter/containerimage/exptypes | >= 0.12.4, < 0.12.5 |
pkg:golang/github.com/moby/buildkit/exporter/containerimage | >= 0.12.4, < 0.12.5 |
pkg:golang/github.com/moby/buildkit/control | >= 0.12.4, < 0.12.5 |
- ID: GO-2024-2492
- Severity: medium
- Severity from: CVE-2024-23650
- URL: https://pkg.go.dev/vuln/GO-2024-2492
- Published: 2024-02-07T23:15:34 (7 months ago)
- Modified: 2024-05-14T19:19:00 (4 months ago)

Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
Security Advisory | https://github.com/advisories/GHSA-9p26-698r-w4hx |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:golang/github.com/moby/buildkit/util/tracing/transform | github.com/moby/buildkit/util/tracing | transform | = 0.12.5 | |||
Affected | pkg:golang/github.com/moby/buildkit/util/tracing/transform | github.com/moby/buildkit/util/tracing | transform | >= 0.12.4 < 0.12.5 | |||
Fixed | pkg:golang/github.com/moby/buildkit/sourcepolicy | github.com/moby/buildkit | sourcepolicy | = 0.12.5 | |||
Affected | pkg:golang/github.com/moby/buildkit/sourcepolicy | github.com/moby/buildkit | sourcepolicy | >= 0.12.4 < 0.12.5 | |||
Fixed | pkg:golang/github.com/moby/buildkit/solver/llbsolver | github.com/moby/buildkit/solver | llbsolver | = 0.12.5 | |||
Affected | pkg:golang/github.com/moby/buildkit/solver/llbsolver | github.com/moby/buildkit/solver | llbsolver | >= 0.12.4 < 0.12.5 | |||
Fixed | pkg:golang/github.com/moby/buildkit/frontend/gateway/client | github.com/moby/buildkit/frontend/gateway | client | = 0.12.5 | |||
Affected | pkg:golang/github.com/moby/buildkit/frontend/gateway/client | github.com/moby/buildkit/frontend/gateway | client | >= 0.12.4 < 0.12.5 | |||
Fixed | pkg:golang/github.com/moby/buildkit/frontend/gateway | github.com/moby/buildkit/frontend | gateway | = 0.12.5 | |||
Affected | pkg:golang/github.com/moby/buildkit/frontend/gateway | github.com/moby/buildkit/frontend | gateway | >= 0.12.4 < 0.12.5 | |||
Fixed | pkg:golang/github.com/moby/buildkit/exporter/containerimage/exptypes | github.com/moby/buildkit/exporter/containerimage | exptypes | = 0.12.5 | |||
Affected | pkg:golang/github.com/moby/buildkit/exporter/containerimage/exptypes | github.com/moby/buildkit/exporter/containerimage | exptypes | >= 0.12.4 < 0.12.5 | |||
Fixed | pkg:golang/github.com/moby/buildkit/exporter/containerimage | github.com/moby/buildkit/exporter | containerimage | = 0.12.5 | |||
Affected | pkg:golang/github.com/moby/buildkit/exporter/containerimage | github.com/moby/buildkit/exporter | containerimage | >= 0.12.4 < 0.12.5 | |||
Fixed | pkg:golang/github.com/moby/buildkit/control | github.com/moby/buildkit | control | = 0.12.5 | |||
Affected | pkg:golang/github.com/moby/buildkit/control | github.com/moby/buildkit | control | >= 0.12.4 < 0.12.5 |