CVE-2024-3727: Improper Validation of Integrity Check Value in Containers Image

Severity: 8.3 HIGH (NVD)
EPSS: 0.6% (top 31.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 14
Latest update: May 20

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 6.0

Affected Packages: 2 packages

🔴 Vulnerability Details (5)

OSV: Unexpected authenticated registry accesses in github.com/containers/image/v5 (2024-05-20)
OSV: github.com/containers/image allows unexpected authenticated registry accesses (2024-05-14)
GHSA: github.com/containers/image allows unexpected authenticated registry accesses (2024-05-14)
OSV: CVE-2024-3727: A flaw was found in the github (2024-05-14)
CVEList: Containers/image: digest type does not guarantee valid type (2024-05-09)

📋 Vendor Advisories (3)

Microsoft: Containers/image: digest type does not guarantee valid type (2024-05-14)
Red Hat: containers/image: digest type does not guarantee valid type (2024-05-09)
Debian: CVE-2024-3727: golang-github-containers-image - A flaw was found in the github.com/containers/image library. This flaw allows at... (2024)