THREATINT
PUBLISHED

CVE-2024-3727

Containers/image: digest type does not guarantee valid type



Assigner: redhat
Reserved: 2024-04-12
Published: 2024-05-09
Updated: 2024-09-17

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.



HIGH: 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

Improper Validation of Integrity Check Value

Product status

4.4.5-2 before *: unaffected
4.4.5-2 before *: unaffected
4.4.5-2 before *: unaffected
4.4.5-4 before *: unaffected
4.4.5-3 before *: unaffected
4.4.5-2 before *: unaffected
4.4.5-2 before *: unaffected
4.4.5-2 before *: unaffected
4.4.5-3 before *: unaffected
4.4.5-2 before *: unaffected
4.4.5-2 before *: unaffected
4.4.5-3 before *: unaffected
4.4.5-3 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-1 before *: unaffected
4.5.2-2 before *: unaffected
4.5.2-2 before *: unaffected
8100020240808093819.afee755d before *: unaffected
v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8 before *: unaffected
v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9 before *: unaffected
4:4.9.4-5.1.rhaos4.16.el9 before *: unaffected
2:1.14.4-1.rhaos4.16.el8 before *: unaffected
0:1.29.5-7.rhaos4.16.git7db4ada.el8 before *: unaffected
v4.16.0-202407171536.p0.g1551101.assembly.stream.el9 before *: unaffected
v4.15.5-7 before *: unaffected

Timeline

2024-04-12: Reported to Red Hat.
2024-05-09: Made public.

References

https://access.redhat.com/errata/RHSA-2024:0045 (RHSA-2024:0045) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4159 (RHSA-2024:4159) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4613 (RHSA-2024:4613) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4850 (RHSA-2024:4850) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4960 (RHSA-2024:4960) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:5258 (RHSA-2024:5258) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:5951 (RHSA-2024:5951) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:6054 (RHSA-2024:6054) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:6708 (RHSA-2024:6708) vendor-advisory

https://access.redhat.com/security/cve/CVE-2024-3727 vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=2274767 (RHBZ#2274767) issue-tracking

cve.org CVE-2024-3727

nvd.nist.gov CVE-2024-3727
