BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that causes the BuildKit daemon to crash with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
References
| Link | Resource |
|---|---|
| https://github.com/moby/buildkit/pull/4601 | Patch, Vendor Advisory |
| https://github.com/moby/buildkit/releases/tag/v0.12.5 | Patch, Release Notes |
| https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-31T21:42:13.382Z
Updated: 2024-01-31T21:42:13.382Z
Reserved: 2024-01-19T00:18:53.234Z
Link: CVE-2024-23650
NVD Information
Status: Analyzed
Published: 2024-01-31T22:15:53.990
Modified: 2024-02-09T01:38:44.823
Link: CVE-2024-23650
Redhat Information
No data.
CWE