A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
References
Configurations
No configuration.
History
07 Nov 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Nov 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Nov 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Oct 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Oct 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Oct 2024, 16:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-15 16:15
Updated : 2024-11-07 08:15
NVD link : CVE-2024-9676
Mitre link : CVE-2024-9676
CVE.ORG link : CVE-2024-9676
JSON object : View
Products Affected
No product.
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')