CVE-2024-3727

EUVD-2024-1469
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8.3 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score
Percentile: 71%
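Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| golang-github-containers-image | bookworm | | no-dsa |
| golang-github-containers-image | bullseye | | no-dsa |
| golang-github-containers-image | forky | 5.38.0+ds2-2 | fixed |
| golang-github-containers-image | sid | 5.38.0+ds2-2 | fixed |
| golang-github-containers-image | trixie | 5.34.2-1 | fixed |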
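Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| golang-github-opencontainers-go-digest | bionic | needs-triage |
| golang-github-opencontainers-go-digest | focal | needs-triage |
| golang-github-opencontainers-go-digest | jammy | needs-triage |
| golang-github-opencontainers-go-digest | mantic | ignored |
| golang-github-opencontainers-go-digest | noble | needs-triage |
| golang-github-opencontainers-go-digest | oracular | ignored |
| golang-github-opencontainers-go-digest | plucky | needs-triage |
| golang-github-opencontainers-go-digest | questing | needs-triage |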
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| buildah | suse enterprise sap 15 SP5 | 1.35.4-150500.3.10.1 | fixed |
| buildah | suse enterprise sap 15 SP6 | 1.35.4-150500.3.10.1 | fixed |
| buildah | suse enterprise sap 15 SP7 | 1.35.4-150500.3.10.1 | fixed |
| buildah | suse enterprise server 15 SP3 | 1.35.4-150300.8.25.1 | fixed |
| buildah | suse enterprise server 15 SP4 | 1.35.4-150400.3.30.1 | fixed |
| buildah | suse enterprise server 15 SP5 | 1.35.4-150500.3.10.1 | fixed |
| buildah | suse enterprise server 15 SP6 | 1.35.4-150500.3.10.1 | fixed |
| buildah | suse enterprise server 15 SP7 | 1.35.4-150500.3.10.1 | fixed |
| containerized-data-importer-manifests | suse enterprise sap 15 SP5 | 1.58.0-150500.6.15.1 | fixed |
| containerized-data-importer-manifests | suse enterprise sap 15 SP6 | 1.58.0-150600.3.3.2 | fixed |
| containerized-data-importer-manifests | suse enterprise sap 15 SP7 | 1.58.0-150600.3.3.2 | fixed |
| containerized-data-importer-manifests | suse enterprise server 15 SP5 | 1.58.0-150500.6.15.1 | fixed |
| containerized-data-importer-manifests | suse enterprise server 15 SP6 | 1.58.0-150600.3.3.2 | fixed |
| containerized-data-importer-manifests | suse enterprise server 15 SP7 | 1.58.0-150600.3.3.2 | fixed |
| podman | suse enterprise sap 15 SP5 | 4.9.5-150500.3.12.1 | fixed |
| podman | suse enterprise sap 15 SP6 | 4.9.5-150500.3.12.1 | fixed |
| podman | suse enterprise sap 15 SP7 | 4.9.5-150500.3.12.1 | fixed |
| podman | suse enterprise server 15 SP2 | 2.1.1-150100.4.31.1 | fixed |
| podman | suse enterprise server 15 SP3 | 4.9.5-150300.9.31.1 | fixed |
| podman | suse enterprise server 15 SP4 | 4.9.5-150400.4.27.1 | fixed |
| podman | suse enterprise server 15 SP5 | 4.9.5-150500.3.12.1 | fixed |
| podman | suse enterprise server 15 SP6 | 4.9.5-150500.3.12.1 | fixed |
| podman | suse enterprise server 15 SP7 | 4.9.5-150500.3.12.1 | fixed |
| podman-cni-config | suse enterprise server 15 SP2 | 2.1.1-150100.4.31.1 | fixed |
| podman-docker | suse enterprise sap 15 SP5 | 4.9.5-150500.3.12.1 | fixed |
| podman-docker | suse enterprise sap 15 SP6 | 4.9.5-150500.3.12.1 | fixed |
| podman-docker | suse enterprise sap 15 SP7 | 4.9.5-150500.3.12.1 | fixed |
| podman-docker | suse enterprise server 15 SP4 | 4.9.5-150400.4.27.1 | fixed |
| podman-docker | suse enterprise server 15 SP5 | 4.9.5-150500.3.12.1 | fixed |
| podman-docker | suse enterprise server 15 SP6 | 4.9.5-150500.3.12.1 | fixed |
| podman-docker | suse enterprise server 15 SP7 | 4.9.5-150500.3.12.1 | fixed |
| podman-remote | suse enterprise sap 15 SP5 | 4.9.5-150500.3.12.1 | fixed |
| podman-remote | suse enterprise sap 15 SP6 | 4.9.5-150500.3.12.1 | fixed |
| podman-remote | suse enterprise sap 15 SP7 | 4.9.5-150500.3.12.1 | fixed |
| podman-remote | suse enterprise server 15 SP3 | 4.9.5-150300.9.31.1 | fixed |
| podman-remote | suse enterprise server 15 SP4 | 4.9.5-150400.4.27.1 | fixed |
| podman-remote | suse enterprise server 15 SP5 | 4.9.5-150500.3.12.1 | fixed |
| podman-remote | suse enterprise server 15 SP6 | 4.9.5-150500.3.12.1 | fixed |
| podman-remote | suse enterprise server 15 SP7 | 4.9.5-150500.3.12.1 | fixed |
| podmansh | suse enterprise sap 15 SP5 | 4.9.5-150500.3.12.1 | fixed |
| podmansh | suse enterprise sap 15 SP6 | 4.9.5-150500.3.12.1 | fixed |
| podmansh | suse enterprise sap 15 SP7 | 4.9.5-150500.3.12.1 | fixed |
| podmansh | suse enterprise server 15 SP5 | 4.9.5-150500.3.12.1 | fixed |
| podmansh | suse enterprise server 15 SP6 | 4.9.5-150500.3.12.1 | fixed |
| podmansh | suse enterprise server 15 SP7 | 4.9.5-150500.3.12.1 | fixed |
| skopeo | suse enterprise desktop 15 SP6 | 1.14.4-150300.11.11.1 | fixed |
| skopeo | suse enterprise desktop 15 SP7 | 1.14.4-150300.11.11.1 | fixed |
| skopeo | suse enterprise sap 15 SP6 | 1.14.4-150300.11.11.1 | fixed |
| skopeo | suse enterprise sap 15 SP7 | 1.14.4-150300.11.11.1 | fixed |
| skopeo | suse enterprise server 15 SP2 | 0.1.41-150000.4.23.1 | fixed |
| skopeo | suse enterprise server 15 SP3 | 1.14.4-150300.11.11.1 | fixed |
| skopeo | suse enterprise server 15 SP4 | 1.14.4-150300.11.11.1 | fixed |
| skopeo | suse enterprise server 15 SP6 | 1.14.4-150300.11.11.1 | fixed |
| skopeo | suse enterprise server 15 SP7 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-bash-completion | suse enterprise desktop 15 SP6 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-bash-completion | suse enterprise desktop 15 SP7 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-bash-completion | suse enterprise sap 15 SP6 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-bash-completion | suse enterprise sap 15 SP7 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-bash-completion | suse enterprise server 15 SP6 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-bash-completion | suse enterprise server 15 SP7 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-zsh-completion | suse enterprise desktop 15 SP6 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-zsh-completion | suse enterprise desktop 15 SP7 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-zsh-completion | suse enterprise sap 15 SP6 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-zsh-completion | suse enterprise sap 15 SP7 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-zsh-completion | suse enterprise server 15 SP6 | 1.14.4-150300.11.11.1 | fixed |
| skopeo-zsh-completion | suse enterprise server 15 SP7 | 1.14.4-150300.11.11.1 | fixed |
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| buildah | RHEL 9 | 2:1.37.2-1.el9 | fixed |
| buildah-tests | RHEL 9 | 2:1.37.2-1.el9 | fixed |
| podman | RHEL 9 | 2:5.2.2-1.el9 | fixed |
| podman-docker | RHEL 9 | 2:5.2.2-1.el9 | fixed |
| podman-plugins | RHEL 9 | 2:5.2.2-1.el9 | fixed |
| podman-remote | RHEL 9 | 2:5.2.2-1.el9 | fixed |
| podman-tests | RHEL 9 | 2:5.2.2-1.el9 | fixed |
| skopeo | RHEL 9 | 2:1.16.1-1.el9 | fixed |
| skopeo-tests | RHEL 9 | 2:1.16.1-1.el9 | fixed |
References