CVE-2024-23650

SOURCE - github

Summary

### Impact A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. ### Patches The issue has been fixed in v0.12.5 ### Workarounds Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the #syntax line on your Dockerfile, or with --frontend flag when using buildctl build command. ### References

Common Weakness Enumeration (CWE)

SOURCE - nist

Improper Check for Unusual or Exceptional Conditions

SOURCE - github

Improper Check for Unusual or Exceptional Conditions

SOURCE - redhat

Improper Check for Unusual or Exceptional Conditions


nist

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.3medium

github

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.3medium

alpine

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

redhat

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.3medium

chainguard

CREATED


UPDATED


SOURCE ID

CVE-2024-23650


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

wolfi

CREATED


UPDATED


SOURCE ID

CVE-2024-23650


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE