3 matches found
RHCOS 4 : OpenShift Container Platform 4.4.3 cri-o (RHSA-2020:1937)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1937 advisory. - containers/image: Container images read entire image manifest into memory CVE-2020-1702 - proglottis/gpgme: Use-after-free in GPGM...
MiracleLinux 7 : buildah-1.11.6-11.el7 (AXSA:2020-066:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-066:02 advisory. buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 containers/image: Container images read...
containers/image: Container images read entire image manifest into memory
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...