CVE-2024-23650

SOURCE - github

Summary

Impact

A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic.

Patches

The issue has been fixed in v0.12.5

Workarounds

Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the #syntax line on your Dockerfile, or with --frontend flag when using buildctl build command.

References

EPSS Score⁠: 0.00052 (0.211)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-754⁠

Improper Check for Unusual or Exceptional Conditions

SOURCE - github

CWE-754⁠

Improper Check for Unusual or Exceptional Conditions

SOURCE - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-754⁠

Improper Check for Unusual or Exceptional Conditions

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

CWE-754⁠

Improper Check for Unusual or Exceptional Conditions

Sources (22)

Impacted images

NIST

CREATED

6 months ago

UPDATED

6 months ago

SOURCE IDCVE-2024-23650⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-754⁠

CVSS SCORE

5.3medium

GitHub

CREATED

6 months ago

UPDATED

5 months ago

SOURCE IDGHSA-9p26-698r-w4hx⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-754⁠

CVSS SCORE

5.3medium

Alpine

CREATED

6 months ago

UPDATED

1 month ago

SOURCE IDCVE-2024-23650⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Ubuntu

CREATED

5 months ago

UPDATED

15 days ago

SOURCE IDCVE-2024-23650⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

GoLang

CREATED

6 months ago

UPDATED

2 months ago

SOURCE IDGO-2024-2492⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

GitLab

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CVE-2024-23650

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-754⁠CWE-937⁠

CVSS SCORE

5.3medium

Amazon

CREATED

5 months ago

UPDATED

5 months ago

SOURCE IDALAS2023-2024-542⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

6 months ago

UPDATED

6 months ago

SOURCE IDCVE-2024-23650⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-754⁠

CVSS SCORE

5.3medium

Oracle

CREATED

2 months ago

UPDATED

2 months ago

SOURCE IDELSA-2024-2988⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-2qfc-77fj-6j9m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-2fh7-3g44-v2v8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-3fr8-7cc7-mggf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-6jj8-f9q9-3mc7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-cjgh-j3qx-v5cf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-cw93-v5mm-858p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-cx83-phj6-xqgc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-gpr3-vj8q-26rw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-hc95-x7c3-393j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-pwq3-833q-q6jr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

SOURCE ID

CGA-pxv5-j3f8-xrpc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

SOURCE ID

CGA-rm85-gqpf-hfph

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

SOURCE ID

CGA-rw49-59gp-gfv9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE