CVE-2024-23650

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*

History

09 Feb 2024, 01:38

Type Values Removed Values Added
First Time Mobyproject
Mobyproject buildkit
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
References () https://github.com/moby/buildkit/releases/tag/v0.12.5 - () https://github.com/moby/buildkit/releases/tag/v0.12.5 - Patch, Release Notes
References () https://github.com/moby/buildkit/pull/4601 - () https://github.com/moby/buildkit/pull/4601 - Patch, Vendor Advisory
References () https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx - () https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx - Vendor Advisory
CPE cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*

31 Jan 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-31 22:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-23650

Mitre link : CVE-2024-23650

CVE.ORG link : CVE-2024-23650


JSON object : View

Products Affected

mobyproject

  • buildkit
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions