#VU89685 Improper validation of integrity check value in Container Projects image library - CVE-2024-3727

Vulnerability identifier: #VU89685

Vulnerability risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-3727

CWE-ID: CWE-354

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Container Projects image library
Universal components / Libraries / Libraries used by multiple products

Vendor: Container Projects

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of integrity check. A remote attacker can trick the victim into providing authenticated registry accesses, causing resource exhaustion, local path traversal, and other attacks.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Container Projects image library: 5.29.0 - 5.30.0

---

External links
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
https://github.com/advisories/GHSA-6wvf-f2vw-3425
https://github.com/containers/image/releases/tag/v5.29.3

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.