DEBIAN-CVE-2024-3727

Source
https://security-tracker.debian.org/tracker/CVE-2024-3727
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-3727.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-3727
Upstream
Published
2024-05-14T15:42:07Z
Modified
2025-10-10T19:30:49.011834Z
Severity
  • 8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

References

Affected packages

Debian:11

golang-github-containers-image

Package

Name
golang-github-containers-image
Purl
pkg:deb/debian/golang-github-containers-image?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.10.3-1
5.10.5-2
5.11.1-1
5.12.0-2
5.15.2-1
5.15.2-2
5.16.0-1
5.16.0-2
5.16.0-3
5.17.0-1
5.19.0-1
5.21.1-1
5.21.1-2
5.21.1-3
5.22.0-1
5.22.0-2
5.23.1-1
5.23.1-2
5.23.1-3
5.23.1-4
5.23.1+git20230116+3d22f4e96c53-1
5.25.0-1
5.25.0-2
5.25.0-3
5.25.0-4
5.25.0-5
5.25.0-6
5.25.0-7
5.25.0-8
5.25.0-9
5.25.0-10
5.25.0-11
5.25.0-12
5.26.1-1
5.26.1-2~bpo12+1
5.26.1-2
5.28.0-1
5.28.0-2
5.28.0-3
5.28.0-4
5.29.0-1
5.29.0-2
5.29.0-3
5.29.1-1
5.29.1-2
5.29.2-1
5.29.2-2
5.29.2-3
5.29.3-1
5.29.4-1
5.30.0-1
5.30.2-1
5.30.2-2
5.32.0-1
5.32.0-2
5.32.1-2
5.32.1-3
5.32.2-3
5.32.2-4
5.32.2-5
5.33.0-1
5.33.0-2
5.33.1-1
5.34.0-1
5.34.2-1
5.36.1-1
5.36.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

golang-github-containers-image

Package

Name
golang-github-containers-image
Purl
pkg:deb/debian/golang-github-containers-image?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.23.1-4
5.23.1+git20230116+3d22f4e96c53-1
5.25.0-1
5.25.0-2
5.25.0-3
5.25.0-4
5.25.0-5
5.25.0-6
5.25.0-7
5.25.0-8
5.25.0-9
5.25.0-10
5.25.0-11
5.25.0-12
5.26.1-1
5.26.1-2~bpo12+1
5.26.1-2
5.28.0-1
5.28.0-2
5.28.0-3
5.28.0-4
5.29.0-1
5.29.0-2
5.29.0-3
5.29.1-1
5.29.1-2
5.29.2-1
5.29.2-2
5.29.2-3
5.29.3-1
5.29.4-1
5.30.0-1
5.30.2-1
5.30.2-2
5.32.0-1
5.32.0-2
5.32.1-2
5.32.1-3
5.32.2-3
5.32.2-4
5.32.2-5
5.33.0-1
5.33.0-2
5.33.1-1
5.34.0-1
5.34.2-1
5.36.1-1
5.36.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

golang-github-containers-image

Package

Name
golang-github-containers-image
Purl
pkg:deb/debian/golang-github-containers-image?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.29.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

golang-github-containers-image

Package

Name
golang-github-containers-image
Purl
pkg:deb/debian/golang-github-containers-image?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.29.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}