BuildKit possible panic when incorrect parameters sent from frontend
CVE-2024-23650

5.3MEDIUM

Key Information:

Vendor: moby
Status: buildkit
Vendor: CVE Published:; 31 January 2024

Badges

📰 News Worthy

Summary

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.

Affected Version(s)

buildkit < 0.12.5

News Articles

Docker

CVE-2024-23650 CVE-2024-24557

Docker Security Advisory: Multiple Vulnerabilities in runc, BuildKit, and Moby | Docker

Docker security advisory about multiple vulnerabilities in runc, BuildKit, and Moby: We will publish patched versions of runc, BuildKit, and Moby on January 31 and release an update for Docker Desktop on February 1 to address these vulnerabilities. Additionally, our latest Moby and BuildKit release...