CVE-2024-34459 (MEDIUM): detected in Lambda Docker Images. #216

Open
the-lambda-watchdog opened this issue Dec 11, 2024 · 0 comments

CVE Details

| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
|---|---|---|---|---|---|---|
| CVE-2024-34459 | MEDIUM | libxml2 | 2.10.4-1.amzn2023.0.6 | 2.10.4-1.amzn2023.0.7 | 2024-05-14T15:39:11.917Z | 2024-12-11T10:18:12.916466495Z |

Affected Docker Images

Image Name SHA
public.ecr.aws/lambda/provided:latest public.ecr.aws/lambda/provided@sha256:1bcfd1c03e1eca6357e55042c34d4ac5ab61e6786e2015ef57030036f03d9b96
public.ecr.aws/lambda/provided:al2023 public.ecr.aws/lambda/provided@sha256:1bcfd1c03e1eca6357e55042c34d4ac5ab61e6786e2015ef57030036f03d9b96
public.ecr.aws/lambda/python:latest public.ecr.aws/lambda/python@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
public.ecr.aws/lambda/python:3.13 public.ecr.aws/lambda/python@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
public.ecr.aws/lambda/python:3.12 public.ecr.aws/lambda/python@sha256:92c88c1adc374b073b07b12bd4045497af7da68230d47c2b330423115c5850dc
public.ecr.aws/lambda/nodejs:latest public.ecr.aws/lambda/nodejs@sha256:42cb7f0f72ff3314a21a8912153a7bf35e610b63a61eaf5557bfb2041e00cd82
public.ecr.aws/lambda/nodejs:22 public.ecr.aws/lambda/nodejs@sha256:42cb7f0f72ff3314a21a8912153a7bf35e610b63a61eaf5557bfb2041e00cd82
public.ecr.aws/lambda/nodejs:20 public.ecr.aws/lambda/nodejs@sha256:20c15965078689b3218c9a214b394133da97a86c3383bca88e095b9cb6acc669
public.ecr.aws/lambda/java:latest public.ecr.aws/lambda/java@sha256:8b58086b1c73169634763186bbe054b54f8060105ce1e052e8f884b8385df0c2
public.ecr.aws/lambda/java:21 public.ecr.aws/lambda/java@sha256:8b58086b1c73169634763186bbe054b54f8060105ce1e052e8f884b8385df0c2
public.ecr.aws/lambda/dotnet:latest public.ecr.aws/lambda/dotnet@sha256:04792c10fd9b4c9c978534574609b367b9eb195acc1c9a4d7d74a0efef31858b
public.ecr.aws/lambda/dotnet:8 public.ecr.aws/lambda/dotnet@sha256:04792c10fd9b4c9c978534574609b367b9eb195acc1c9a4d7d74a0efef31858b

Description

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.


Remediation Steps

  • Update the affected package libxml2 from version 2.10.4-1.amzn2023.0.6 to 2.10.4-1.amzn2023.0.7.

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.