Risk | High |
Patch available | YES |
Number of vulnerabilities | 20 |
CVE-ID | CVE-2018-25091 CVE-2018-20060 CVE-2021-33198 CVE-2021-34558 CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-39326 CVE-2023-45287 CVE-2023-45803 CVE-2023-48795 CVE-2024-1753 CVE-2024-23650 CVE-2024-24786 CVE-2024-28180 |
CWE-ID | CWE-200 CWE-399 CWE-295 CWE-20 CWE-400 CWE-79 CWE-203 CWE-326 CWE-269 CWE-754 CWE-835 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #16 is available. |
Vulnerable software | Anolis OS (Operating systems & Components / Operating system); podman-docker, podman-tests, podman-remote, podman-plugins, podman-gvproxy, podman-catatonit, podman, buildah-tests, buildah, udica, python3-podman, container-selinux, cockpit-podman, toolbox-tests, toolbox, slirp4netns, skopeo-tests, skopeo, python3-criu, oci-seccomp-bpf-hook, netavark, libslirp-devel, libslirp, fuse-overlayfs, crun, criu-libs, criu-devel, criu, crit, containers-common, containernetworking-plugins, conmon, aardvark-dns, runc (Operating systems & Components / Operating system package or component) |
Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
EUVDB-ID: #VU82979
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-25091
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because urllib3 does not remove the Authorization HTTP header when following a cross-origin redirect. A remote attacker can gain access to sensitive information.
Note: the vulnerability exists due to an incomplete fix for #VU26413 (CVE-2018-20060).
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU26413
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2018-20060
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the Authorization HTTP header is not removed from the HTTP request during request redirection in "urllib3/util/retry.py". A remote attacker can intercept the request and gain access to sensitive information passed via the Authorization HTTP header.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU56024
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33198
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a large exponent passed to the math/big.Rat SetString or UnmarshalText method. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55665
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2021-34558
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper certificate verification in the crypto/tls package in Go when processing X.509 certificates. The application does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU68387
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to absent limits on the maximum size of file headers within the Reader.Read method in archive/tar. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68389
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform parameter smuggling attacks.
The vulnerability exists due to incorrect handling of requests forwarded by ReverseProxy in net/http/httputil. A remote attacker can supply specially crafted parameters that cannot be parsed and are rejected by net/http, and force the application to include these parameters in the forwarded request. As a result, a remote attacker can smuggle potentially dangerous HTTP parameters into the request.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68390
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41715
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78913
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-29409
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because verifying certificate chains containing large RSA keys is slow. A remote attacker can cause a client/server to expend significant CPU time verifying signatures.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80572
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39318
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the html/template package when handling HTML-like "<!--" and "-->" comment tokens and hashbang "#!" comment tokens in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80573
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39319
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists within the html/template package and is caused by improperly applied rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80574
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39321
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing post-handshake messages on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80575
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39322
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing post-handshake messages on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU83928
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39326
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when handling HTTP chunked requests. A remote attacker can send specially crafted HTTP requests to the server and consume excessive memory resources.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86309
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-45287
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing discrepancy when handling RSA-based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82978
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-45803
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because urllib3 does not remove the HTTP request body when following an HTTP redirect response with status code 301, 302, or 303, after the request had its method changed from one that could accept a request body (e.g. from POST to GET). A remote attacker can gain access to potentially sensitive information.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84537
Risk: Low
CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-48795
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform a MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.
The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU87616
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-1753
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
Description
The vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists because the affected application allows containers to mount arbitrary locations on the host filesystem into build containers. A remote attacker can escalate privileges.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86039
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-23650
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87326
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24786
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when parsing data in an invalid JSON format within the protojson.Unmarshal() function. A remote attacker can consume all available system resources and cause denial of service conditions.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87538
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28180
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when decompressing JWE with Decrypt or DecryptMulti. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
podman-docker: before 4.9.4-1.0.1
podman-tests: before 4.9.4-1.0.1
podman-remote: before 4.9.4-1.0.1
podman-plugins: before 4.9.4-1.0.1
podman-gvproxy: before 4.9.4-1.0.1
podman-catatonit: before 4.9.4-1.0.1
podman: before 4.9.4-1.0.1
buildah-tests: before 1.33.7-1
buildah: before 1.33.7-1
udica: before 0.2.6-21
python3-podman: before 4.9.0-1
container-selinux: before 2.229.0-2
cockpit-podman: before 84.1-1
toolbox-tests: before 0.0.99.5-2.0.1
toolbox: before 0.0.99.5-2.0.1
slirp4netns: before 1.2.3-1
skopeo-tests: before 1.14.3-2.0.1
skopeo: before 1.14.3-2.0.1
python3-criu: before 3.18-5.0.1
oci-seccomp-bpf-hook: before 1.2.10-1
netavark: before 1.10.3-1.0.1
libslirp-devel: before 4.4.0-2
libslirp: before 4.4.0-2
fuse-overlayfs: before 1.13-1.0.1
crun: before 1.14.3-2
criu-libs: before 3.18-5.0.1
criu-devel: before 3.18-5.0.1
criu: before 3.18-5.0.1
crit: before 3.18-5.0.1
containers-common: before 1-81.0.1
containernetworking-plugins: before 1.4.0-2.0.1
conmon: before 2.1.10-1
aardvark-dns: before 1.10.0-2.0.1
runc: before 1.1.12-1.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.