CVE-2024-33600 (MEDIUM): detected in Lambda Docker Images. #219

the-lambda-watchdog opened this issue Dec 22, 2024 · 0 comments

CVE Details

| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-33600 | MEDIUM | glibc | 2.26-64.amzn2.0.2 | 2.26-64.amzn2.0.3 | 2024-05-06T20:15:11.523Z | 2024-12-22T10:18:41.920373529Z |

Affected Docker Images

| Image Name | SHA |
| --- | --- |
| public.ecr.aws/lambda/provided:al2 | public.ecr.aws/lambda/provided@sha256:3af7f44fc936d6f9775f3453d8ce593139ec023143e590e4b4b9aad97ca19b2d |
| public.ecr.aws/lambda/python:3.11 | public.ecr.aws/lambda/python@sha256:885e7899bbfb56dbc34401eb07b5bee738f0909032d5342479acf229f196a4a2 |
| public.ecr.aws/lambda/python:3.10 | public.ecr.aws/lambda/python@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7 |
| public.ecr.aws/lambda/python:3.9 | public.ecr.aws/lambda/python@sha256:03649e2ea73dc8827dbc78c791e609637e2e0cb428a13023121362de95b08253 |
| public.ecr.aws/lambda/nodejs:18 | public.ecr.aws/lambda/nodejs@sha256:c1196a82e95fe4ad8ee91aada7aa9f5d047798198609eed5aa48ae37c6d27c26 |
| public.ecr.aws/lambda/java:17 | public.ecr.aws/lambda/java@sha256:48c94b196b80d43228b351dbf5d0da037e500ea5c894353ef0337d205619159a |
| public.ecr.aws/lambda/java:11 | public.ecr.aws/lambda/java@sha256:bb75c1e964688b0b6398b08175f469bdaa4a532bcc60917d28a6f1533c3cb366 |
| public.ecr.aws/lambda/java:8.al2 | public.ecr.aws/lambda/java@sha256:c9d0383112aa2d59b2fc18fa0d14f2a1eaa6b6ac005cb055a9dbaf62b078beb6 |
| public.ecr.aws/lambda/dotnet:6 | public.ecr.aws/lambda/dotnet@sha256:039db41abd97e8762ae406242f7506c2e43fc8bd824a2d78366d16556438261d |
| public.ecr.aws/lambda/ruby:3.2 | public.ecr.aws/lambda/ruby@sha256:d977427ffa5bcbfbb2f959249e21c04ca1bbe86578383dd31dcaf549fd27d111 |

Description

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference. This flaw was introduced in glibc 2.15 when the
cache was added to nscd.

This vulnerability is only present in the nscd binary.


Remediation Steps

  • Update the affected package glibc from version 2.26-64.amzn2.0.2 to 2.26-64.amzn2.0.3.

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.