DEBIAN-CVE-2024-9341

DEBIAN-CVE-2024-9341 PUBLISHED CVSS 8.199999809265137 HIGH

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

Risk Scores

CVSS v3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:14	golang-github-containers-common	0, 0
Debian:12	golang-github-containers-common	0.52.0+ds1, 0.55.4+ds1, 0.55.4+ds1
Debian:13	golang-github-containers-common	0, 0
Debian:11	golang-github-containers-common	0.50.1+ds1, 0.51.0+ds1, 0.52.0+ds1

Timeline

Oct 1, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-9341 advisory

Open in Interactive Console →