Published: 31/01/2024 Updated: 09/02/2024

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mobyproject buildkit

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of ...

DescriptionA vulnerability was found in the Moby Builder Toolkit A malicious BuildKit client or any frontend that can craft a request could lead to the BuildKit daemon crashing with a panic due to the lack of input validation A frontend is usually specified as the #syntax line on a Dockerfile or with the --frontend flag when using the buil ...

CWE-754 https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx https://github.com/moby/buildkit/pull/4601 https://github.com/moby/buildkit/releases/tag/v0.12.5 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-039.html

CVE-2024-23650

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect