Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-q59j-vv4j-v33c #3311

Closed
GoVulnBot opened this issue Dec 4, 2024 · 1 comment
Assignees
Labels

Comments

@GoVulnBot
Copy link

Advisory GHSA-q59j-vv4j-v33c references a vulnerability in the following Go modules:

Module
github.com/moby/moby

Description:
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/moby/moby
      versions:
        - introduced: 25.0.0+incompatible
        - fixed: 26.1.0+incompatible
      vulnerable_at: 26.0.2+incompatible
summary: NULL Pointer Dereference on moby image history in github.com/moby/moby
cves:
    - CVE-2024-36620
ghsas:
    - GHSA-q59j-vv4j-v33c
references:
    - advisory: https://github.com/advisories/GHSA-q59j-vv4j-v33c
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-36620
    - fix: https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4
    - web: https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2
    - web: https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48
source:
    id: GHSA-q59j-vv4j-v33c
    created: 2024-12-04T23:02:07.394638618Z
review_status: UNREVIEWED

@zpavlinovic zpavlinovic self-assigned this Dec 9, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/634615 mentions this issue: data/reports: add 3 reports

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants