VulnerableCode Package Details - pkg:rpm/redhat/buildah@1:1.27.0-2?arch=el9

Search for packages

Vulnerability	Summary	Fixed by
VCID-1n1h-e2p4-9yhs Aliases: CVE-2022-27191 GHSA-8c26-wmh5-6g9v	golang.org/x/crypto/ssh Denial of service via crafted Signer The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.	There are no reported fixed by versions.
VCID-35du-rm88-k7bw Aliases: CVE-2021-33195	Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.	There are no reported fixed by versions.
VCID-5wtx-278c-nycq Aliases: CVE-2021-33198	Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.	There are no reported fixed by versions.
VCID-fa27-n4rs-h7gp Aliases: CVE-2022-2990 GHSA-fjm8-m7m6-2fjp	Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.	There are no reported fixed by versions.
VCID-pqs8-s3dm-7ff2 Aliases: CVE-2021-20291 GHSA-7qw8-847f-pggm	Improper Locking in github.com/containers/storage A deadlock vulnerability was found in `github.com/containers/storage` in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).	There are no reported fixed by versions.
VCID-ttsj-3bd1-tfhu Aliases: CVE-2022-2989 GHSA-4wjj-jwc9-2x96	Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.	There are no reported fixed by versions.
VCID-z1ct-cecz-mqer Aliases: CVE-2021-33197	Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1n1h-e2p4-9yhs
Aliases:
CVE-2022-27191
GHSA-8c26-wmh5-6g9v

golang.org/x/crypto/ssh Denial of service via crafted Signer The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.