Docker hashicorp/packer:1.3.4

Vulnerabilities

32 via 41 paths

Dependencies

27

Source

Group 6 Copy Created with Sketch. Docker

Target OS

alpine:3.7.0
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 27
  • 3
  • 2
Status
  • 32
  • 0
  • 0

high severity

Buffer Overflow

  • Vulnerable module: curl/libcurl
  • Introduced through: curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r3

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* curl/libcurl@7.61.1-r1

high severity

Double Free

  • Vulnerable module: curl/libcurl
  • Introduced through: curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r3

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* curl/libcurl@7.61.1-r1

high severity

Out-of-bounds Read

  • Vulnerable module: curl/libcurl
  • Introduced through: curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r2

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* curl/libcurl@7.61.1-r1

Overview

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller.

References

high severity

Out-of-bounds Read

  • Vulnerable module: curl/libcurl
  • Introduced through: curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r2

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* curl/libcurl@7.61.1-r1

Overview

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

References

high severity

Out-of-bounds Write

  • Vulnerable module: curl/libcurl
  • Introduced through: curl/libcurl@7.61.1-r1
  • Fixed in: 7.61.1-r2

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* curl/libcurl@7.61.1-r1

Overview

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

References

high severity

Out-of-bounds Read

  • Vulnerable module: expat/expat
  • Introduced through: expat/expat@2.2.5-r0
  • Fixed in: 2.2.7-r1

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* expat/expat@2.2.5-r0

Overview

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

References

high severity

XML External Entity (XXE) Injection

  • Vulnerable module: expat/expat
  • Introduced through: expat/expat@2.2.5-r0
  • Fixed in: 2.2.7-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* expat/expat@2.2.5-r0

Overview

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

References

high severity

CVE-2019-1353

  • Vulnerable module: git/git
  • Introduced through: git/git@2.15.3-r0
  • Fixed in: 2.15.4-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* git/git@2.15.3-r0

Overview

Affected versions of this package are vulnerable to CVE-2019-1353. An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.15.3-r0
  • Fixed in: 2.15.4-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* git/git@2.15.3-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.15.3-r0
  • Fixed in: 2.15.4-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* git/git@2.15.3-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.15.3-r0
  • Fixed in: 2.15.4-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* git/git@2.15.3-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.15.3-r0
  • Fixed in: 2.15.4-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* git/git@2.15.3-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.

Remediation

Upgrade git to version or higher.

References

high severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.15.3-r0
  • Fixed in: 2.15.4-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* git/git@2.15.3-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

Remediation

Upgrade git to version or higher.

References

high severity

Untrusted Search Path

  • Vulnerable module: git/git
  • Introduced through: git/git@2.15.3-r0
  • Fixed in: 2.15.r-r1

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* git/git@2.15.3-r0

Overview

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

References

high severity

Use of Incorrectly-Resolved Name or Reference

  • Vulnerable module: git/git
  • Introduced through: git/git@2.15.3-r0
  • Fixed in: 2.15.4-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* git/git@2.15.3-r0

Overview

Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference. A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

Remediation

Upgrade git to version or higher.

References

high severity

Key Management Errors

  • Vulnerable module: libressl/libressl2.6-libcrypto
  • Introduced through: libressl/libressl2.6-libcrypto@2.6.3-r0 and libressl/libressl2.6-libssl@2.6.3-r0
  • Fixed in: 2.6.5-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libressl/libressl2.6-libcrypto@2.6.3-r0
  • Introduced through: hashicorp/packer:1.3.4@* libressl/libressl2.6-libssl@2.6.3-r0

Overview

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

References

high severity

Integer Overflow or Wraparound

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.9.0-r1

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

The SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Read

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

References

high severity

Out-of-bounds Write

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

References

high severity

Out-of-bounds Write

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

References

high severity

Out-of-bounds Write

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

References

high severity

Out-of-bounds Write

  • Vulnerable module: libssh2/libssh2
  • Introduced through: libssh2/libssh2@1.8.0-r2
  • Fixed in: 1.8.1-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libssh2/libssh2@1.8.0-r2

Overview

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

References

high severity

Out-of-bounds Write

  • Vulnerable module: musl/musl
  • Introduced through: musl/musl@1.1.18-r2 and musl/musl-utils@1.1.18-r2
  • Fixed in: 1.1.18-r4

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* musl/musl@1.1.18-r2
  • Introduced through: hashicorp/packer:1.3.4@* musl/musl-utils@1.1.18-r2

Overview

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.

References

medium severity

Information Exposure

  • Vulnerable module: libressl/libressl2.6-libcrypto
  • Introduced through: libressl/libressl2.6-libcrypto@2.6.3-r0 and libressl/libressl2.6-libssl@2.6.3-r0
  • Fixed in: 2.6.5-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* libressl/libressl2.6-libcrypto@2.6.3-r0
  • Introduced through: hashicorp/packer:1.3.4@* libressl/libressl2.6-libssl@2.6.3-r0

Overview

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

References

medium severity

Information Exposure

  • Vulnerable module: openssl/libcrypto1.0
  • Introduced through: openssl/libcrypto1.0@1.0.2q-r0, openssl/libssl1.0@1.0.2q-r0 and others
  • Fixed in: 1.0.2r-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* openssl/libcrypto1.0@1.0.2q-r0
  • Introduced through: hashicorp/packer:1.3.4@* openssl/libssl1.0@1.0.2q-r0
  • Introduced through: hashicorp/packer:1.3.4@* openssl/openssl@1.0.2q-r0

Overview

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

References

medium severity

Missing Encryption of Sensitive Data

  • Vulnerable module: openssl/libcrypto1.0
  • Introduced through: openssl/libcrypto1.0@1.0.2q-r0, openssl/libssl1.0@1.0.2q-r0 and others
  • Fixed in: 1.0.2t-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* openssl/libcrypto1.0@1.0.2q-r0
  • Introduced through: hashicorp/packer:1.3.4@* openssl/libssl1.0@1.0.2q-r0
  • Introduced through: hashicorp/packer:1.3.4@* openssl/openssl@1.0.2q-r0

Overview

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

References

low severity

Improper Input Validation

  • Vulnerable module: git/git
  • Introduced through: git/git@2.15.3-r0
  • Fixed in: 2.15.4-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* git/git@2.15.3-r0

Overview

Affected versions of this package are vulnerable to Improper Input Validation. An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.

Remediation

Upgrade git to version or higher.

References

low severity

Missing Encryption of Sensitive Data

  • Vulnerable module: openssl/libcrypto1.0
  • Introduced through: openssl/libcrypto1.0@1.0.2q-r0, openssl/libssl1.0@1.0.2q-r0 and others
  • Fixed in: 1.0.2t-r0

Detailed paths

  • Introduced through: hashicorp/packer:1.3.4@* openssl/libcrypto1.0@1.0.2q-r0
  • Introduced through: hashicorp/packer:1.3.4@* openssl/libssl1.0@1.0.2q-r0
  • Introduced through: hashicorp/packer:1.3.4@* openssl/openssl@1.0.2q-r0

Overview

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

References