CVE-2024-23650

🗓️ 31 Jan 2024 21:42:13Reported by GitHub_MType

BuildKit: Malicious request leads to daemon crash CVE-2024-23650

Reporter	Title	Published	Views	Family All 143
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data	30 Sep 202416:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Concert Software is vulnerable to multiple issues	22 Aug 202417:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps	28 Feb 202417:18	–	ibm
Tenable Nessus	Amazon Linux 2023 : docker (ALAS2023-2024-542)	6 Mar 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : docker (ALASDOCKER-2024-044)	29 Aug 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : docker (ALASECS-2024-041)	5 Sep 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)	29 Aug 202400:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0101: container-tools:rhel8 (ALINUX3-SA-2024:0101)	14 May 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: docker-buildx / docker-compose / moby-compose / moby-engine (CVE-2024-23650)	16 Feb 202500:00	–	nessus
Tenable Nessus	Docker Desktop < 4.27.1 Multiple Vulnerabilities	9 Feb 202400:00	–	nessus

NVD

Vulners

Vulnrichment

Node

mobyproject buildkitRange<0.12.5

[
  {
    "vendor": "moby",
    "product": "buildkit",
    "versions": [
      {
        "version": "< 0.12.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx
github	www.github.com/moby/buildkit/releases/tag/v0.12.5
github	www.github.com/moby/buildkit/pull/4601

21 Nov 2024 08:58Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3

EPSS0.0011

SSVC

CWE-754