Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2024-48958 (HIGH): detected in Lambda Docker Images. #208

Open
the-lambda-watchdog opened this issue Nov 2, 2024 · 0 comments
Open

CVE-2024-48958 (HIGH): detected in Lambda Docker Images. #208

the-lambda-watchdog opened this issue Nov 2, 2024 · 0 comments

Comments

@the-lambda-watchdog
Copy link

CVE Details

CVE ID Severity Affected Package Installed Version Fixed Version Date Published Date of Scan
CVE-2024-48958 HIGH libarchive 3.7.4-2.amzn2023.0.1 3.7.4-2.amzn2023.0.2 2024-10-10T02:15:03.057Z 2024-11-01T10:18:21.74062518Z

Affected Docker Images

Image Name SHA
public.ecr.aws/lambda/provided:latest public.ecr.aws/lambda/provided@sha256:a2d21bf39c02aa97dbf9b97aeb97f6a182b9613a71db3f72e76f6b96f6d3f402
public.ecr.aws/lambda/provided:al2023 public.ecr.aws/lambda/provided@sha256:a2d21bf39c02aa97dbf9b97aeb97f6a182b9613a71db3f72e76f6b96f6d3f402
public.ecr.aws/lambda/python:latest public.ecr.aws/lambda/python@sha256:2951186769ff98c4f1acf3783d9432e40cb3b03c72aab239588b3544f647bb36
public.ecr.aws/lambda/python:3.13-preview public.ecr.aws/lambda/python@sha256:9ca25fb397dad7b7c4d16eb8bc5beb4490774c7fa453486737691d67d66887b5
public.ecr.aws/lambda/python:3.12 public.ecr.aws/lambda/python@sha256:2951186769ff98c4f1acf3783d9432e40cb3b03c72aab239588b3544f647bb36
public.ecr.aws/lambda/nodejs:latest public.ecr.aws/lambda/nodejs@sha256:ddf2f8e327185c9f74b7ba55102414162bb8a3a9f549331f7d9a4a959b318602
public.ecr.aws/lambda/nodejs:20 public.ecr.aws/lambda/nodejs@sha256:ddf2f8e327185c9f74b7ba55102414162bb8a3a9f549331f7d9a4a959b318602
public.ecr.aws/lambda/java:latest public.ecr.aws/lambda/java@sha256:0959dc1da644c0e48615fb6729ca7b70b7f374dda131677ca646033a93bc6d2d
public.ecr.aws/lambda/java:21 public.ecr.aws/lambda/java@sha256:0959dc1da644c0e48615fb6729ca7b70b7f374dda131677ca646033a93bc6d2d
public.ecr.aws/lambda/dotnet:latest public.ecr.aws/lambda/dotnet@sha256:cc4f4f352dd07dd3a5ca1ebab6f5c35a373f62a005bafd7995d1de3a38888f1c
public.ecr.aws/lambda/dotnet:8 public.ecr.aws/lambda/dotnet@sha256:cc4f4f352dd07dd3a5ca1ebab6f5c35a373f62a005bafd7995d1de3a38888f1c
public.ecr.aws/lambda/ruby:latest public.ecr.aws/lambda/ruby@sha256:b5414d030d5d7e108f92933e91d2f7a770803dba8332c42a93729a0f2aea12fc
public.ecr.aws/lambda/ruby:3.3 public.ecr.aws/lambda/ruby@sha256:b5414d030d5d7e108f92933e91d2f7a770803dba8332c42a93729a0f2aea12fc

Description

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

Remediation Steps

  • Update the affected package libarchive from version 3.7.4-2.amzn2023.0.1 to 3.7.4-2.amzn2023.0.2.

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@the-lambda-watchdog