AZL-34083 CVE-2024-23650 affecting package moby-engine for versions less than 24.0.9-14

🗓️ 31 Jan 2024 22:15:53Reported by GoogleType

osv🔗 osv.dev👁 3 Views

AZL-34083 CVE-2024-23650 affects moby-engine versions below 24.0.9-14; a malicious BuildKit client could crash the daemon, fixed in v0.12.5; avoid frontends from untrusted sources.

Reporter	Title	Published	Views	Family All 143
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data	30 Sep 202416:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Concert Software is vulnerable to multiple issues	22 Aug 202417:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps	28 Feb 202417:18	–	ibm
Tenable Nessus	Amazon Linux 2023 : docker (ALAS2023-2024-542)	6 Mar 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : docker (ALASDOCKER-2024-044)	29 Aug 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : docker (ALASECS-2024-041)	5 Sep 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)	29 Aug 202400:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0101: container-tools:rhel8 (ALINUX3-SA-2024:0101)	14 May 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: docker-buildx / docker-compose / moby-compose / moby-engine (CVE-2024-23650)	16 Feb 202500:00	–	nessus
Tenable Nessus	Docker Desktop < 4.27.1 Multiple Vulnerabilities	9 Feb 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-23650

21 Apr 2026 04:27Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.3

EPSS0.0011