CVE-2024-3727
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 5.29.3 | affected | ||
5.30.0 < 5.30.1 | affected | ||
| Red Hat | OADP-1.3-RHEL-9 | 1.3.4-9 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-4 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-3 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-3 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-3 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.4 | 4.4.5-3 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-1 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.5 | 4.5.2-2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 8100020240808093819.afee755d < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 2:1.37.2-1.el9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 2:1.16.1-1.el9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 2:5.2.2-1.el9 < * | unaffected |
| Red Hat | Red Hat Migration Toolkit for Containers 1.8 | v1.8.4-22 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 3:4.4.1-13.rhaos4.13.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 2:1.11.3-3.rhaos4.13.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | v4.14.0-202407260439.p0.g8d9b39e.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 3:4.4.1-19.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 2:1.11.3-3.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409172305.p0.g17536c8.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409171307.p0.ged4651a.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409161436.p0.g1f44c02.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409120135.p0.gf7f5eed.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409131835.p0.gadccbd5.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409120135.p0.g8425d88.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409130735.p0.gc03231f.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409131635.p0.gb73e37f.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409161836.p0.g092d15b.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409180105.p0.g1fdd5b0.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409180905.p0.gf6f61ca.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409171307.p0.g160e7ca.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409131635.p0.gb7c1d6a.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409111636.p0.gf0c44f6.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409120135.p0.g3ab953d.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409111636.p0.g9ea52de.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409111636.p0.gd80fe46.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409120135.p0.g8de6f94.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409171307.p0.g5d529dd.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409180305.p0.g1da79fe.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409172305.p0.g5af0be8.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409130536.p0.g1d6a7ed.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409161436.p0.g4121cfc.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409120135.p0.g71a6f28.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409180705.p0.g95ee44e.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202409161234.p0.g4e8d689.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 415.92.202409162258-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 3:4.4.1-30.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 2:1.11.3-4.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202410230304.p0.g366295f.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202410230304.p0.gfde2b2e.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 4:4.9.4-5.1.rhaos4.16.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 2:1.14.4-1.rhaos4.16.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 0:1.29.5-7.rhaos4.16.git7db4ada.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | v4.16.0-202407171536.p0.g1551101.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | v4.16.0-202409231504.p0.g342902b.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | v4.16.0-202410172201.p0.gb121e87.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | v4.17.0-202409122005.p0.gb170ad0.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | v4.17.0-202409100034.p0.g8d16b39.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | v4.17.0-202409101338.p0.gb0d86a0.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | v4.17.0-202410022234.p0.gfbc55c6.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | v4.18.0-202502040032.p0.ge5a4005.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | v4.18.0-202502041302.p0.g51a74ac.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | v4.18.0-202501230001.p0.g5348c85.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | v4.18.0-202502100153.p0.g120ba67.assembly.stream.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | v4.18.0-202502060238.p0.g73d65db.assembly.stream.el9 < * | unaffected |
| Red Hat | RHEL-9-CNV-4.15 | v4.15.5-7 < * | unaffected |
Weaknesses
- CWE-354: Improper Validation of Integrity Check Value
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2024:0045
- https://access.redhat.com/errata/RHSA-2024:4159
- https://access.redhat.com/errata/RHSA-2024:4613
- https://access.redhat.com/security/cve/CVE-2024-3727
- https://bugzilla.redhat.com/show_bug.cgi?id=2274767
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/
References
- https://access.redhat.com/errata/RHSA-2024:0045
- https://access.redhat.com/errata/RHSA-2024:3718
- https://access.redhat.com/errata/RHSA-2024:4159
- https://access.redhat.com/errata/RHSA-2024:4613
- https://access.redhat.com/errata/RHSA-2024:4850
- https://access.redhat.com/errata/RHSA-2024:4960
- https://access.redhat.com/errata/RHSA-2024:5258
- https://access.redhat.com/errata/RHSA-2024:5951
- https://access.redhat.com/errata/RHSA-2024:6054
- https://access.redhat.com/errata/RHSA-2024:6122
- https://access.redhat.com/errata/RHSA-2024:6708
- https://access.redhat.com/errata/RHSA-2024:6818
- https://access.redhat.com/errata/RHSA-2024:6824
- https://access.redhat.com/errata/RHSA-2024:7164
- https://access.redhat.com/errata/RHSA-2024:7174
- https://access.redhat.com/errata/RHSA-2024:7182
- https://access.redhat.com/errata/RHSA-2024:7187
- https://access.redhat.com/errata/RHSA-2024:7922
- https://access.redhat.com/errata/RHSA-2024:7941
- https://access.redhat.com/errata/RHSA-2024:8260
- https://access.redhat.com/errata/RHSA-2024:8425
- https://access.redhat.com/errata/RHSA-2024:9097
- https://access.redhat.com/errata/RHSA-2024:9098
- https://access.redhat.com/errata/RHSA-2024:9102
- https://access.redhat.com/errata/RHSA-2024:9960
- https://access.redhat.com/security/cve/CVE-2024-3727
- https://bugzilla.redhat.com/show_bug.cgi?id=2274767
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.