Moderate severityNVD Advisory· Published Nov 29, 2024· Updated Dec 4, 2024
CVE-2024-36620
CVE-2024-36620
Description
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/moby/mobyGo | >= 25.0.0, < 26.1.0 | 26.1.0 |
Affected products
27- osv-coords26 versionspkg:apk/chainguard/amazon-cloudwatch-agent-operatorpkg:apk/chainguard/amazon-cloudwatch-agent-operator-fipspkg:apk/chainguard/gitlab-docker-machine-17.8pkg:apk/chainguard/gitlab-runner-17.8pkg:apk/chainguard/gitlab-runner-helper-17.8pkg:apk/chainguard/gitlab-runner-helper-compat-17.8pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-17.8pkg:apk/chainguard/gitlab-runner-oci-entrypoint-17.8pkg:apk/chainguard/prometheus-2.51pkg:apk/chainguard/promxypkg:apk/chainguard/promxy-fipspkg:apk/chainguard/pulumipkg:apk/chainguard/pulumi-language-gopkg:apk/chainguard/pulumi-language-nodejspkg:apk/chainguard/pulumi-language-pythonpkg:apk/chainguard/vault-1.16pkg:apk/chainguard/vault-1.17pkg:apk/wolfi/amazon-cloudwatch-agent-operatorpkg:apk/wolfi/prometheus-2.51pkg:apk/wolfi/promxypkg:apk/wolfi/pulumipkg:apk/wolfi/pulumi-language-gopkg:apk/wolfi/pulumi-language-nodejspkg:apk/wolfi/pulumi-language-pythonpkg:golang/github.com/moby/mobypkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 3.3.0-r1+ 25 more
- (no CPE)range: < 3.3.0-r1
- (no CPE)range: < 3.3.0-r1
- (no CPE)range: < 17.8.4-r0
- (no CPE)range: < 17.8.4-r0
- (no CPE)range: < 17.8.4-r0
- (no CPE)range: < 17.8.4-r0
- (no CPE)range: < 17.8.4-r0
- (no CPE)range: < 17.8.4-r0
- (no CPE)range: < 2.51.2-r48
- (no CPE)range: < 0.0.93-r4
- (no CPE)range: < 0.0.93-r4
- (no CPE)range: < 3.142.0-r1
- (no CPE)range: < 3.142.0-r1
- (no CPE)range: < 3.142.0-r1
- (no CPE)range: < 3.142.0-r1
- (no CPE)range: < 1.16.3-r26
- (no CPE)range: < 1.17.6-r18
- (no CPE)range: < 3.3.0-r1
- (no CPE)range: < 2.51.2-r48
- (no CPE)range: < 0.0.93-r4
- (no CPE)range: < 3.142.0-r1
- (no CPE)range: < 3.142.0-r1
- (no CPE)range: < 3.142.0-r1
- (no CPE)range: < 3.142.0-r1
- (no CPE)range: >= 25.0.0, < 26.1.0
- (no CPE)range: < 0.0.20241209T183251-1.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-q59j-vv4j-v33cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-36620ghsaADVISORY
- gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2ghsaWEB
- github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.goghsaWEB
- github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4ghsaWEB
- pkg.go.dev/vuln/GO-2024-3311ghsaWEB
News mentions
0No linked articles in our index yet.