RedHatRHSA-2024:0121(RHSA-2024:0121) Moderate: container-tools:4.0 security update
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
62.5%
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
-
golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
-
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
-
golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
-
golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
-
golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
-
golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
-
golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
-
golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
-
golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
62.5%