VulnerableCode Package Details - pkg:deb/debian/golang-github-containers-storage@1.57.2%2Bds1-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/golang-github-containers-storage@1.57.2%2Bds1-1?distro=trixie

purl	pkg:deb/debian/golang-github-containers-storage@1.57.2%2Bds1-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-pqs8-s3dm-7ff2	Improper Locking in github.com/containers/storage A deadlock vulnerability was found in `github.com/containers/storage` in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).	CVE-2021-20291 GHSA-7qw8-847f-pggm
VCID-zcxt-ccb2-eufc	Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS)	CVE-2024-9676

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T07:25:41.929418+00:00	Debian Importer	Fixing	VCID-zcxt-ccb2-eufc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:41.881360+00:00	Debian Importer	Fixing	VCID-pqs8-s3dm-7ff2	https://security-tracker.debian.org/tracker/data/json	38.1.0