CVE-2024-3727

Containers/image: digest type does not guarantee valid type

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

INFO

Published Date :

2024-05-09T14:57:21.327Z

Last Modified :

2026-04-29T18:07:23.359Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2024-3727 vulnerability.

Vendors	Products
Redhat	Acm Advanced Cluster Security Ansible Automation Platform Assisted Installer Container Native Virtualization Enterprise Linux Multicluster Engine Ocp Tools Openshift Openshift Api Data Protection Openshift Devspaces Openshift Ironic Openshift Sandboxed Containers Openstack Quay Rhmt Serverless Source To Image

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3727.

URL	Resource
https://access.redhat.com/errata/RHSA-2024:0045
https://access.redhat.com/errata/RHSA-2024:3718
https://access.redhat.com/errata/RHSA-2024:4159
https://access.redhat.com/errata/RHSA-2024:4613
https://access.redhat.com/errata/RHSA-2024:4850
https://access.redhat.com/errata/RHSA-2024:4960
https://access.redhat.com/errata/RHSA-2024:5258
https://access.redhat.com/errata/RHSA-2024:5951
https://access.redhat.com/errata/RHSA-2024:6054
https://access.redhat.com/errata/RHSA-2024:6122
https://access.redhat.com/errata/RHSA-2024:6708
https://access.redhat.com/errata/RHSA-2024:6818
https://access.redhat.com/errata/RHSA-2024:6824
https://access.redhat.com/errata/RHSA-2024:7164
https://access.redhat.com/errata/RHSA-2024:7174
https://access.redhat.com/errata/RHSA-2024:7182
https://access.redhat.com/errata/RHSA-2024:7187
https://access.redhat.com/errata/RHSA-2024:7922
https://access.redhat.com/errata/RHSA-2024:7941
https://access.redhat.com/errata/RHSA-2024:8260
https://access.redhat.com/errata/RHSA-2024:8425
https://access.redhat.com/errata/RHSA-2024:9097
https://access.redhat.com/errata/RHSA-2024:9098
https://access.redhat.com/errata/RHSA-2024:9102
https://access.redhat.com/errata/RHSA-2024:9960
https://access.redhat.com/security/cve/CVE-2024-3727
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
https://lists.fedoraproject.org/archives/list/[email protected]/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP/
https://lists.fedoraproject.org/archives/list/[email protected]/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR/
https://lists.fedoraproject.org/archives/list/[email protected]/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT/
https://lists.fedoraproject.org/archives/list/[email protected]/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC/
https://lists.fedoraproject.org/archives/list/[email protected]/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV/
https://lists.fedoraproject.org/archives/list/[email protected]/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN/
https://nvd.nist.gov/vuln/detail/CVE-2024-3727
https://www.cve.org/CVERecord?id=CVE-2024-3727

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact