Assigner | redhat |
Reserved | 2024-04-12 |
Published | 2024-05-09 |
Updated | 2024-09-17 |
Description
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
HIGH: 8.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
Problem types
Improper Validation of Integrity Check Value
Product status
4.4.5-2 before * | unaffected |
4.4.5-2 before * | unaffected |
4.4.5-2 before * | unaffected |
4.4.5-4 before * | unaffected |
4.4.5-3 before * | unaffected |
4.4.5-2 before * | unaffected |
4.4.5-2 before * | unaffected |
4.4.5-2 before * | unaffected |
4.4.5-3 before * | unaffected |
4.4.5-2 before * | unaffected |
4.4.5-2 before * | unaffected |
4.4.5-3 before * | unaffected |
4.4.5-3 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-1 before * | unaffected |
4.5.2-2 before * | unaffected |
4.5.2-2 before * | unaffected |
8100020240808093819.afee755d before * | unaffected |
v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8 before * | unaffected |
v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9 before * | unaffected |
4:4.9.4-5.1.rhaos4.16.el9 before * | unaffected |
2:1.14.4-1.rhaos4.16.el8 before * | unaffected |
0:1.29.5-7.rhaos4.16.git7db4ada.el8 before * | unaffected |
v4.16.0-202407171536.p0.g1551101.assembly.stream.el9 before * | unaffected |
v4.15.5-7 before * | unaffected |
Timeline
2024-04-12: | Reported to Red Hat. |
2024-05-09: | Made public. |
References
https://access.redhat.com/errata/RHSA-2024:0045 (RHSA-2024:0045) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:4159 (RHSA-2024:4159) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:4613 (RHSA-2024:4613) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:4850 (RHSA-2024:4850) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:4960 (RHSA-2024:4960) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:5258 (RHSA-2024:5258) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:5951 (RHSA-2024:5951) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:6054 (RHSA-2024:6054) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:6708 (RHSA-2024:6708) vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-3727 vdb-entry
https://bugzilla.redhat.com/show_bug.cgi?id=2274767 (RHBZ#2274767) issue-tracking
cve.org CVE-2024-3727
nvd.nist.gov CVE-2024-3727