CVE-2025-0395 in registry.k8s.io/build-image/distroless-iptables:v0.7.3 #3959

Open
@aramase

What happened:

CVE in registry.k8s.io/build-image/distroless-iptables:v0.7.3 image

➜ trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL registry.k8s.io/build-image/distroless-iptables:v0.7.3      
2025-03-18T09:15:13.852-0700    INFO    Need to update DB
2025-03-18T09:15:13.852-0700    INFO    DB Repository: ghcr.io/aquasecurity/trivy-db
2025-03-18T09:15:13.852-0700    INFO    Downloading DB...
61.03 MiB / 61.03 MiB [---------------------------------------------------------------------------------------------------------------------------------------] 100.00% 6.73 MiB p/s 9.3s
2025-03-18T09:15:28.176-0700    INFO    Vulnerability scanning is enabled
2025-03-18T09:15:28.176-0700    INFO    Secret scanning is enabled
2025-03-18T09:15:28.176-0700    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-18T09:15:28.176-0700    INFO    Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2025-03-18T09:15:31.728-0700    INFO    Detected OS: debian
2025-03-18T09:15:31.729-0700    INFO    Detecting Debian vulnerabilities...
2025-03-18T09:15:31.731-0700    INFO    Number of language-specific files: 0

registry.k8s.io/build-image/distroless-iptables:v0.7.3 (debian 12.9)

Total: 1 (MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌─────────┬───────────────┬──────────┬────────┬───────────────────┬─────────────────┬────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │  Fixed Version  │                         Title                          │
├─────────┼───────────────┼──────────┼────────┼───────────────────┼─────────────────┼────────────────────────────────────────────────────────┤
│ libc6   │ CVE-2025-0395 │ MEDIUM   │ fixed  │ 2.36-9+deb12u9    │ 2.36-9+deb12u10 │ glibc: buffer overflow in the GNU C Library's assert() │
│         │               │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-0395              │
└─────────┴───────────────┴──────────┴────────┴───────────────────┴─────────────────┴────────────────────────────────────────────────────────┘

What you expected to happen:

New distroless-iptables images with CVEs resolved.
