THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-3727

Containers/image: digest type does not guarantee valid type

Assignerredhat
Reserved2024-04-12
Published2024-05-09
Updated2024-07-24

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.



HIGH: 8.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

Improper Validation of Integrity Check Value

Product status

Default status
affected

4:4.9.4-5.1.rhaos4.16.el9 before *
unaffected

Default status
affected

2:1.14.4-1.rhaos4.16.el8 before *
unaffected

Default status
affected

0:1.29.5-7.rhaos4.16.git7db4ada.el9 before *
unaffected

Default status
affected

v4.16.0-202407171536.p0.g1551101.assembly.stream.el9 before *
unaffected

Default status
affected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
affected

Default status
unaffected

Default status
unaffected

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
unaffected

Default status
affected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
unknown

Default status
unknown

Default status
affected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2024-04-12:Reported to Red Hat.
2024-05-09:Made public.

References

https://access.redhat.com/errata/RHSA-2024:0045 (RHSA-2024:0045) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4159 (RHSA-2024:4159) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4613 (RHSA-2024:4613) vendor-advisory

https://access.redhat.com/security/cve/CVE-2024-3727 vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=2274767 (RHBZ#2274767) issue-tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/

cve.org CVE-2024-3727

nvd.nist.gov CVE-2024-3727

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3727
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +