CVE-2024-23650
published 2024-01-31

Priority: P4 28
CVSS 3.1: 5.3 (medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.96% (57.0th percentile)

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | moby_buildkit | >= 0 < 0.12.5 | 0.12.5 |
| moby | buildkit | < 0.12.5 | 0.12.5 |
| mobyproject | buildkit | < 0.12.5 | 0.12.5 |
| msrc | azl3_docker-buildx_0.12.1-1_on_azure_linux_3.0 | | |
| msrc | azl3_docker-buildx_0.14.0-1_on_azure_linux_3.0 | | |
| msrc | azl3_docker-compose_2.24.6-2_on_azure_linux_3.0 | | |
| msrc | azl3_docker-compose_2.27.0-1_on_azure_linux_3.0 | | |
| msrc | azl3_moby-engine_20.10.25-3_on_azure_linux_3.0 | | |
| msrc | azl3_moby-engine_25.0.3-1_on_azure_linux_3.0 | | |
| msrc | cbl2_moby-compose_2.17.3-10_on_cbl_mariner_2.0 | | |
| msrc | cbl2_moby-compose_2.17.3-5_on_cbl_mariner_2.0 | | |
| msrc | cbl2_moby-engine_24.0.9-14_on_cbl_mariner_2.0 | | |
| msrc | cbl2_moby-engine_24.0.9-16_on_cbl_mariner_2.0 | | |

CVSS provenance

nvd: v3.1, 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
osv: 5.3 MEDIUM
vendor_msrc: 5.3 MEDIUM
vendor_redhat: 5.3 MEDIUM