Medium: nerdctl

🗓️ 06 Aug 2024 00:00:00Reported by AmazonType

A HTTP sender can cause a receiver to read more bytes from the network than in the body. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data. Protojson.Unmarshal function can enter an infinite loop. Package jose allows an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed

Reporter	Title	Published	Views	Family All 4360
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from kerberos 5, libxml2, go-jose, runc	3 Feb 202522:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operator and the IntegrationServer and IntegrationRuntime operands are vulnerable to networking errors [CVE-2024-24790]	23 Aug 202409:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS packages/liberaries .	22 May 202409:19	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus	4 Feb 202518:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326)	21 Jun 202415:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data	12 Jun 202515:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Protocol Buffers protobuf-go	26 Feb 202518:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go	5 Jun 202420:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	4 Dec 202410:17	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	nerdctl	1.7.6-1.amzn2.0.1	nerdctl-1.7.6-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	aarch64	nerdctl-debuginfo	1.7.6-1.amzn2.0.1	nerdctl-debuginfo-1.7.6-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	x86_64	nerdctl	1.7.6-1.amzn2.0.1	nerdctl-1.7.6-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	x86_64	nerdctl-debuginfo	1.7.6-1.amzn2.0.1	nerdctl-debuginfo-1.7.6-1.amzn2.0.1.x86_64.rpm

28 Aug 2024 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 3.19.8

EPSS0.75268

SSVC