Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

x/vulndb: potential Go vuln in github.com/cri-o/cri-o: GHSA-7p9f-6x8j-gxxp #3292

Closed
GoVulnBot opened this issue Nov 26, 2024 · 1 comment
Labels

Comments

@GoVulnBot
Copy link

Advisory GHSA-7p9f-6x8j-gxxp references a vulnerability in the following Go modules:

Module
github.com/cri-o/cri-o

Description:

Impact

Patches

1.31.1, 1.30.6, 1.29.8

Workarounds

set enable_criu_support = false

References

Are there any links users can visit to find out more?

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/cri-o/cri-o
      versions:
        - introduced: 1.30.0
        - introduced: 1.31.0
      non_go_versions:
        - fixed: 1.29.11
        - fixed: 1.30.8
        - fixed: 1.31.3
      vulnerable_at: 1.31.2
summary: 'CRI-O: Maliciously structured checkpoint file can gain arbitrary node access in github.com/cri-o/cri-o'
cves:
    - CVE-2024-8676
ghsas:
    - GHSA-7p9f-6x8j-gxxp
references:
    - advisory: https://github.com/advisories/GHSA-7p9f-6x8j-gxxp
    - advisory: https://github.com/cri-o/cri-o/security/advisories/GHSA-7p9f-6x8j-gxxp
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-8676
    - fix: https://github.com/cri-o/cri-o/commit/e8e7dcb7838d11b5157976bf3e31a5840bb77de7
    - web: https://access.redhat.com/security/cve/CVE-2024-8676
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=2313842
source:
    id: GHSA-7p9f-6x8j-gxxp
    created: 2024-11-26T22:01:24.604637589Z
review_status: UNREVIEWED

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/633598 mentions this issue: data/reports: add 6 unreviewed reports

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants