VulnerableCode Package Details - pkg:deb/debian/golang-github-containers-storage@1.24.8%2Bdfsg1-1%2Bdeb11u1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/golang-github-containers-storage@1.24.8%2Bdfsg1-1%2Bdeb11u1

purl	pkg:deb/debian/golang-github-containers-storage@1.24.8%2Bdfsg1-1%2Bdeb11u1

Next non-vulnerable version	1.48.1+ds1-2~bpo12+1
Latest non-vulnerable version	1.48.1+ds1-2~bpo12+1
Risk	3.1

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-pqs8-s3dm-7ff2 Aliases: CVE-2021-20291 GHSA-7qw8-847f-pggm	Improper Locking in github.com/containers/storage A deadlock vulnerability was found in `github.com/containers/storage` in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).	1.43.0+ds1-8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-zcxt-ccb2-eufc Aliases: CVE-2024-9676	Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS)	1.48.1+ds1-2~bpo12+1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T08:59:06.665745+00:00	Debian Importer	Affected by	VCID-pqs8-s3dm-7ff2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:32.181900+00:00	Debian Importer	Affected by	VCID-zcxt-ccb2-eufc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T18:01:34.252569+00:00	Debian Importer	Affected by	VCID-pqs8-s3dm-7ff2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:55:07.568124+00:00	Debian Importer	Affected by	VCID-zcxt-ccb2-eufc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-04T17:53:31.792452+00:00	Debian Importer	Affected by	VCID-pqs8-s3dm-7ff2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T17:07:43.005941+00:00	Debian Importer	Affected by	VCID-zcxt-ccb2-eufc	https://security-tracker.debian.org/tracker/data/json	38.1.0