CVE-2024-23650

CVSS V2 None CVSS V3 None
Description
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
Overview
  • CVE ID
  • CVE-2024-23650
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-01-31T21:42:13.382Z
  • Last Modified Date
  • 2024-01-31T21:42:13.382Z
Weakness Enumerations
CWE URL
CWE-754 http://cwe.mitre.org/data/definitions/754.html
References
Reference URL Reference Tags
https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx x_refsource_CONFIRM
https://github.com/moby/buildkit/pull/4601 x_refsource_MISC
https://github.com/moby/buildkit/releases/tag/v0.12.5 x_refsource_MISC
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2024-23650
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650
History
Created Old Value New Value Data Type Notes
2024-06-26 06:46:49 Added to TrackCVE