AZL-43831

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43831.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-43831

Upstream

CVE-2024-28180

Published

2024-03-09T01:15:07Z

Modified

2026-04-01T05:15:19.867567Z

Summary

CVE-2024-28180 affecting package buildah 1.18.0-29

Details

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-28180

Affected packages

Azure Linux:2 / buildah

Package

Name: buildah
Purl: pkg:rpm/azure-linux/buildah

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.18.0-29

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43831.json"