Docker buildpack-deps:disco-scm

  • Vulnerabilities: 2 via 5 paths
  • Dependencies: 173
  • Source: Docker
  • Target OS: ubuntu:19.04

medium severity

Out-of-bounds Write

  • Vulnerable module: e2fsprogs
  • Introduced through: e2fsprogs@1.44.6-1ubuntu0.1, e2fsprogs/libcom-err2@1.44.6-1ubuntu0.1 and others
  • Fixed in: 1.44.6-1ubuntu0.2

Detailed paths

  • Introduced through: buildpack-deps:disco-scm@* e2fsprogs@1.44.6-1ubuntu0.1
  • Introduced through: buildpack-deps:disco-scm@* e2fsprogs/libcom-err2@1.44.6-1ubuntu0.1
  • Introduced through: buildpack-deps:disco-scm@* e2fsprogs/libext2fs2@1.44.6-1ubuntu0.1
  • Introduced through: buildpack-deps:disco-scm@* e2fsprogs/libss2@1.44.6-1ubuntu0.1

NVD Description

Note: Versions mentioned in the description apply to the upstream e2fsprogs package. See Remediation section below for Ubuntu:19.04 relevant versions.

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Remediation

Upgrade Ubuntu:19.04 e2fsprogs to version 1.44.6-1ubuntu0.2 or higher.

medium severity

Out-of-bounds Read

  • Vulnerable module: libbsd/libbsd0
  • Introduced through: libbsd/libbsd0@0.9.1-2
  • Fixed in: 0.9.1-2ubuntu0.1

Detailed paths

  • Introduced through: buildpack-deps:disco-scm@* libbsd/libbsd0@0.9.1-2

NVD Description

Note: Versions mentioned in the description apply to the upstream libbsd package. See Remediation section below for Ubuntu:19.04 relevant versions.

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

Remediation

Upgrade Ubuntu:19.04 libbsd to version 0.9.1-2ubuntu0.1 or higher.
