
CVE-2024-4603, CVE-2024-4741 in registry.k8s.io/build-image/distroless-iptables:v0.6.2 #3740

Closed
@aramase

Description


What happened:

CVEs in the registry.k8s.io/build-image/distroless-iptables:v0.6.2 image

➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/build-image/distroless-iptables:v0.6.2
2024-09-02T23:44:36.552-0700    INFO    Need to update DB
2024-09-02T23:44:36.553-0700    INFO    DB Repository: ghcr.io/aquasecurity/trivy-db
2024-09-02T23:44:36.553-0700    INFO    Downloading DB...
52.71 MiB / 52.71 MiB [-----------------------------------------------------------------------------------------------------] 100.00% 20.13 MiB p/s 2.8s
2024-09-02T23:44:40.496-0700    INFO    Vulnerability scanning is enabled
2024-09-02T23:44:40.496-0700    INFO    Secret scanning is enabled
2024-09-02T23:44:40.496-0700    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-02T23:44:40.496-0700    INFO    Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2024-09-02T23:44:48.201-0700    INFO    Detected OS: debian
2024-09-02T23:44:48.201-0700    INFO    Detecting Debian vulnerabilities...
2024-09-02T23:44:48.209-0700    INFO    Number of language-specific files: 0

registry.k8s.io/build-image/distroless-iptables:v0.6.2 (debian 12.6)

Total: 2 (MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────┬───────────────┬──────────┬────────┬───────────────────┬──────────────────┬─────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │  Fixed Version   │                        Title                        │
├─────────┼───────────────┼──────────┼────────┼───────────────────┼──────────────────┼─────────────────────────────────────────────────────┤
│ libssl3 │ CVE-2024-4603 │ MEDIUM   │ fixed  │ 3.0.13-1~deb12u1  │ 3.0.14-1~deb12u1 │ openssl: Excessive time spent checking DSA keys and │
│         │               │          │        │                   │                  │ parameters                                          │
│         │               │          │        │                   │                  │ https://avd.aquasec.com/nvd/cve-2024-4603           │
│         ├───────────────┤          │        │                   │                  ├─────────────────────────────────────────────────────┤
│         │ CVE-2024-4741 │          │        │                   │                  │ openssl: Use After Free with SSL_free_buffers       │
│         │               │          │        │                   │                  │ https://avd.aquasec.com/nvd/cve-2024-4741           │
└─────────┴───────────────┴──────────┴────────┴───────────────────┴──────────────────┴─────────────────────────────────────────────────────┘

What you expected to happen:

New distroless-iptables images with CVEs resolved.

Metadata

Labels

needs-kind, needs-priority
