CVE-2024-9676

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:8418
https://access.redhat.com/errata/RHSA-2024:8428
https://access.redhat.com/errata/RHSA-2024:8437
https://access.redhat.com/errata/RHSA-2024:8686
https://access.redhat.com/errata/RHSA-2024:8690
https://access.redhat.com/errata/RHSA-2024:8694
https://access.redhat.com/errata/RHSA-2024:8700
https://access.redhat.com/errata/RHSA-2024:8984
https://access.redhat.com/errata/RHSA-2024:9051
https://access.redhat.com/errata/RHSA-2024:9454
https://access.redhat.com/errata/RHSA-2024:9459
https://access.redhat.com/security/cve/CVE-2024-9676
https://bugzilla.redhat.com/show_bug.cgi?id=2317467
https://github.com/advisories/GHSA-wq2p-5pc6-wpgf

Configurations

No configuration.

History

13 Nov 2024, 08:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:8984 -

12 Nov 2024, 18:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:9454 - () https://access.redhat.com/errata/RHSA-2024:9459 -

11 Nov 2024, 18:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:8700 - () https://access.redhat.com/errata/RHSA-2024:9051 -

07 Nov 2024, 08:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:8694 -

06 Nov 2024, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:8690 -

06 Nov 2024, 10:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:8686 -

31 Oct 2024, 05:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:8428 -

30 Oct 2024, 09:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:8418 - () https://access.redhat.com/errata/RHSA-2024:8437 -

16 Oct 2024, 16:38

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en Podman, Buildah y CRI-O. Una vulnerabilidad de cruce de enlaces simbólicos en la librería de contenedores/almacenamiento puede hacer que Podman, Buildah y CRI-O se bloqueen y generen una denegación de servicio mediante la eliminación de OOM al ejecutar una imagen maliciosa utilizando un espacio de nombres de usuario asignado automáticamente (`--userns=auto` en Podman y Buildah). La librería de contenedores/almacenamiento leerá /etc/passwd dentro del contenedor, pero no validará correctamente si ese archivo es un enlace simbólico, lo que se puede utilizar para hacer que la librería lea un archivo arbitrario en el host.

15 Oct 2024, 21:15

Type	Values Removed	Values Added
References		() https://github.com/advisories/GHSA-wq2p-5pc6-wpgf -

15 Oct 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-15 16:15

Updated : 2024-11-13 08:15

NVD link : CVE-2024-9676

Mitre link : CVE-2024-9676

CVE.ORG link : CVE-2024-9676

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.5 /10