VDB
GHSA-pmf3-c36m-g5cf
GHSA-pmf3-c36m-g5cf
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Container escape at build time
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | containers/buildah | 0, 0, 1.35.0 |
| github.com | containers/podman/v4 | 0, 0, 0 |
| Go | github.com/containers/buildah | 1.32.0, 1.35.0, 1.25.0 |
| github.com | containers/podman/v4 | 0 |
| Go | github.com/containers/podman/v5 | 0 |
| github.com | containers/podman/v5 | 0, 0, 0 |
| Go | github.com/containers/podman/v4 | 0 |
| github.com | containers/podman/v5 | 0 |
| github.com | containers/buildah | 1.35.0, 1.34.0, 1.33.0 |
Timeline
- Mar 19, 2024 CVE Published
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Distribution Patch
References
- https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf url
- https://nvd.nist.gov/vuln/detail/CVE-2024-1753 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2265513 url
- https://github.com/containers/buildah product
- GitHub Advisory GHSA-pmf3-c36m-g5cf vendor-advisory
- https://github.com/containers/buildah/commit/3deda19137f5dec0285bbb832bd93c22d860b087 url
- https://github.com/containers/buildah/commit/9de9c20ff368beb84b84fe660773d352519dc1c5 url
- https://github.com/containers/buildah/commit/a030f7b8cd373075affef1f86de43a87e502f3d8 url
- https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3 url
- https://pkg.go.dev/vuln/GO-2024-2658 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP url
- https://github.com/containers/podman product
- https://access.redhat.com/security/cve/CVE-2024-1753 url
- https://access.redhat.com/errata/RHSA-2024:3254 url
- https://access.redhat.com/errata/RHSA-2024:2877 url
- https://access.redhat.com/errata/RHSA-2024:2784 url
- https://access.redhat.com/errata/RHSA-2024:2672 url
- https://access.redhat.com/errata/RHSA-2024:2669 url
…and 13 more