Docker google/cloud-sdk:224.0.0-alpine

Vulnerabilities

55 via 65 paths

Dependencies

53

Source

Group 6 Copy Created with Sketch. Docker

Target OS

alpine:3.8.1
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 46
  • 8
  • 1
Status
  • 55
  • 0
  • 0

high severity

Out-of-bounds Write

  • Vulnerable module: bzip2/libbz2
  • Introduced through: bzip2/libbz2@1.0.6-r6
  • Fixed in: 1.0.6-r7

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* bzip2/libbz2@1.0.6-r6

Overview

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

References

high severity

Buffer Overflow

  • Vulnerable module: curl/curl
  • Introduced through: curl/curl@7.61.1-r1 and curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r3

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/curl@7.61.1-r1
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/libcurl@7.61.1-r1

high severity

Double Free

  • Vulnerable module: curl/curl
  • Introduced through: curl/curl@7.61.1-r1 and curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r3

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/curl@7.61.1-r1
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/libcurl@7.61.1-r1

high severity

Out-of-bounds Read

  • Vulnerable module: curl/curl
  • Introduced through: curl/curl@7.61.1-r1 and curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r2

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/curl@7.61.1-r1
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/libcurl@7.61.1-r1

Overview

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller.

References

high severity

Out-of-bounds Read

  • Vulnerable module: curl/curl
  • Introduced through: curl/curl@7.61.1-r1 and curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r2

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/curl@7.61.1-r1
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/libcurl@7.61.1-r1

Overview

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

References

high severity

Out-of-bounds Write

  • Vulnerable module: curl/curl
  • Introduced through: curl/curl@7.61.1-r1 and curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r2

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/curl@7.61.1-r1
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* curl/libcurl@7.61.1-r1

Overview

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

References

high severity

Out-of-bounds Write

  • Vulnerable module: cyrus-sasl/libsasl
  • Introduced through: cyrus-sasl/libsasl@2.1.26-r13
  • Fixed in: 2.1.26-r15

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* cyrus-sasl/libsasl@2.1.26-r13

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Remediation

Upgrade cyrus-sasl to version or higher.

References

high severity

Out-of-bounds Read

  • Vulnerable module: expat/expat
  • Introduced through: expat/expat@2.2.5-r0
  • Fixed in: 2.2.7-r1

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* expat/expat@2.2.5-r0

Overview

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

References

high severity

XML External Entity (XXE) Injection

  • Vulnerable module: expat/expat
  • Introduced through: expat/expat@2.2.5-r0
  • Fixed in: 2.2.7-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* expat/expat@2.2.5-r0

Overview

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

References

high severity

CVE-2019-1353

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to CVE-2019-1353. An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

Remediation

Upgrade git to version or higher.

References

high severity

Insufficiently Protected Credentials

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.4-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to Insufficiently Protected Credentials. Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where some credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching any URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.

Remediation

Upgrade git to version or higher.

References

high severity

Insufficiently Protected Credentials

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.3-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to Insufficiently Protected Credentials. Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.

Remediation

Upgrade git to version or higher.

References

high severity

Untrusted Search Path

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.1-r1

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

References

high severity

Use of Incorrectly-Resolved Name or Reference

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference. A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

Remediation

Upgrade git to version or higher.

References

high severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: gnupg/gnupg
  • Introduced through: gnupg/gnupg@2.2.8-r0
  • Fixed in: 2.2.19-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* gnupg/gnupg@2.2.8-r0

Overview

Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm. A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

Remediation

Upgrade gnupg to version or higher.

References

high severity

Access of Uninitialized Pointer

  • Vulnerable module: gnutls/gnutls
  • Introduced through: gnutls/gnutls@3.6.2-r0
  • Fixed in: 3.6.7-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* gnutls/gnutls@3.6.2-r0

Overview

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

References

high severity

Double Free

  • Vulnerable module: gnutls/gnutls
  • Introduced through: gnutls/gnutls@3.6.2-r0
  • Fixed in: 3.6.7-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* gnutls/gnutls@3.6.2-r0

Overview

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.

References

high severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: gnutls/gnutls
  • Introduced through: gnutls/gnutls@3.6.2-r0
  • Fixed in: 3.6.7-r1

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* gnutls/gnutls@3.6.2-r0

Overview

Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm. GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

Remediation

Upgrade gnutls to version or higher.

References

high severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: gnutls/gnutls
  • Introduced through: gnutls/gnutls@3.6.2-r0
  • Fixed in: 3.6.14-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* gnutls/gnutls@3.6.2-r0

Overview

Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm. GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

Remediation

Upgrade gnutls to version or higher.

References

high severity

Integer Overflow or Wraparound

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.9.0-r1

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

The SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Write

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

References

high severity

Out-of-bounds Write

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

References

high severity

Out-of-bounds Write

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

References

high severity

Out-of-bounds Write

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r3
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libssh2/libssh2@1.8.0-r3

Overview

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

References

high severity

Out-of-bounds Write

  • Vulnerable module: musl/libc6-compat
  • Introduced through: musl/libc6-compat@1.1.19-r10, musl/musl@1.1.19-r10 and others
  • Fixed in: 1.1.19-r11

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* musl/libc6-compat@1.1.19-r10
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* musl/musl@1.1.19-r10
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* musl/musl-utils@1.1.19-r10

Overview

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.

References

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: nghttp2/nghttp2-libs
  • Introduced through: nghttp2/nghttp2-libs@1.32.0-r0
  • Fixed in: 1.39.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* nghttp2/nghttp2-libs@1.32.0-r0

Overview

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

References

high severity

Resource Exhaustion

  • Vulnerable module: nghttp2/nghttp2-libs
  • Introduced through: nghttp2/nghttp2-libs@1.32.0-r0
  • Fixed in: 1.39.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* nghttp2/nghttp2-libs@1.32.0-r0

Overview

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

References

high severity

Improper Authentication

  • Vulnerable module: openldap/libldap
  • Introduced through: openldap/libldap@2.4.46-r0
  • Fixed in: 2.4.48-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* openldap/libldap@2.4.46-r0

Overview

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.

References

high severity

Resource Exhaustion

  • Vulnerable module: openldap/libldap
  • Introduced through: openldap/libldap@2.4.46-r0
  • Fixed in: 2.4.48-r1

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* openldap/libldap@2.4.46-r0

Overview

Affected versions of this package are vulnerable to Resource Exhaustion. In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Remediation

Upgrade openldap to version or higher.

References

high severity

Credentials Management

  • Vulnerable module: python2/python2
  • Introduced through: python2/python2@2.7.15-r1
  • Fixed in: 2.7.15-r2

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* python2/python2@2.7.15-r1

Overview

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.

References

high severity

Directory Traversal

  • Vulnerable module: python2/python2
  • Introduced through: python2/python2@2.7.15-r1
  • Fixed in: 2.7.15-r2

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* python2/python2@2.7.15-r1

Overview

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

References

high severity

Missing Initialization of Resource

  • Vulnerable module: python2/python2
  • Introduced through: python2/python2@2.7.15-r1
  • Fixed in: 2.7.15-r2

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* python2/python2@2.7.15-r1

Overview

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

References

high severity

CVE-2019-19244

  • Vulnerable module: sqlite/sqlite-libs
  • Introduced through: sqlite/sqlite-libs@3.24.0-r0
  • Fixed in: 3.25.3-r3

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* sqlite/sqlite-libs@3.24.0-r0

Overview

Affected versions of this package are vulnerable to CVE-2019-19244 sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

Remediation

Upgrade sqlite to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: sqlite/sqlite-libs
  • Introduced through: sqlite/sqlite-libs@3.24.0-r0
  • Fixed in: 3.25.0-r4

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* sqlite/sqlite-libs@3.24.0-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

Remediation

Upgrade sqlite to version or higher.

References

high severity

Integer Overflow or Wraparound

  • Vulnerable module: sqlite/sqlite-libs
  • Introduced through: sqlite/sqlite-libs@3.24.0-r0
  • Fixed in: 3.25.3-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* sqlite/sqlite-libs@3.24.0-r0

Overview

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

References

high severity

Out-of-bounds Read

  • Vulnerable module: sqlite/sqlite-libs
  • Introduced through: sqlite/sqlite-libs@3.24.0-r0
  • Fixed in: 3.25.3-r1

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* sqlite/sqlite-libs@3.24.0-r0

medium severity

Cryptographic Issues

  • Vulnerable module: libgcrypt/libgcrypt
  • Introduced through: libgcrypt/libgcrypt@1.8.3-r0
  • Fixed in: 1.8.3-r1

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libgcrypt/libgcrypt@1.8.3-r0

Overview

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)

References

medium severity

Resource Management Errors

  • Vulnerable module: libtasn1/libtasn1
  • Introduced through: libtasn1/libtasn1@4.13-r0
  • Fixed in: 4.14-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* libtasn1/libtasn1@4.13-r0

Overview

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

References

medium severity

Improper Authentication

  • Vulnerable module: openldap/libldap
  • Introduced through: openldap/libldap@2.4.46-r0
  • Fixed in: 2.4.48-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* openldap/libldap@2.4.46-r0

Overview

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

References

medium severity

Directory Traversal

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@7.7_p1-r3 and openssh/openssh-keygen@7.7_p1-r3
  • Fixed in: 7.7_p1-r4

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* openssh/openssh-client@7.7_p1-r3
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* openssh/openssh-keygen@7.7_p1-r3

Overview

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

References

medium severity

Improper Encoding or Escaping of Output

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@7.7_p1-r3 and openssh/openssh-keygen@7.7_p1-r3
  • Fixed in: 7.7_p1-r4

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* openssh/openssh-client@7.7_p1-r3
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* openssh/openssh-keygen@7.7_p1-r3

Overview

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

References

medium severity

Incorrect Authorization

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@7.7_p1-r3 and openssh/openssh-keygen@7.7_p1-r3
  • Fixed in: 7.7_p1-r4

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* openssh/openssh-client@7.7_p1-r3
  • Introduced through: google/cloud-sdk:224.0.0-alpine@* openssh/openssh-keygen@7.7_p1-r3

Overview

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

References

medium severity

Divide By Zero

  • Vulnerable module: sqlite/sqlite-libs
  • Introduced through: sqlite/sqlite-libs@3.24.0-r0
  • Fixed in: 3.25.3-r2

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* sqlite/sqlite-libs@3.24.0-r0

Overview

Affected versions of this package are vulnerable to Divide By Zero. In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Remediation

Upgrade sqlite to version or higher.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: sqlite/sqlite-libs
  • Introduced through: sqlite/sqlite-libs@3.24.0-r0
  • Fixed in: 3.25.3-r3

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* sqlite/sqlite-libs@3.24.0-r0

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

Remediation

Upgrade sqlite to version or higher.

References

low severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.18.1-r0
  • Fixed in: 2.18.2-r0

Detailed paths

  • Introduced through: google/cloud-sdk:224.0.0-alpine@* git/git@2.18.1-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.

Remediation

Upgrade git to version or higher.

References