Lucene search

K

GoogleOSV:ALSA-2024:1149

HistoryMar 05, 2024 - 12:00 a.m.

Moderate: skopeo security update

2024-03-0500:00:00

Google

osv.dev

11

skopeo

security update

image inspection

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

20.6%

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

access.redhat.com/errata/RHSA-2024:1149

access.redhat.com/security/cve/CVE-2023-39326

bugzilla.redhat.com/2253330

errata.almalinux.org/9/ALSA-2024-1149.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

20.6%

Related for OSV:ALSA-2024:1149

nessus78 cvelist1 amazon8 ibm12 openvas13 cve1 redhat34 cbl_mariner1 oraclelinux16 osv11 wolfi1 cgr1 alpinelinux1 nvd1 almalinux8 prion1 debiancve1 veracode1 ubuntucve1 redhatcve1 fedora1 redos1 mageia1 photon3 ubuntu1