apk package

chainguard/aws-network-policy-agent

pkg:apk/chainguard/aws-network-policy-agent

Vulnerabilities (26)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-45338	Med	5.3	< 1.2.0-r1	1.2.0-r1	Dec 18, 2024	An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
CVE-2024-34158	Hig	7.5	< 1.1.2-r2	1.1.2-r2	Sep 6, 2024	Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2024-34156	Hig	7.5	< 1.1.2-r2	1.1.2-r2	Sep 6, 2024	Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
CVE-2024-34155	Med	4.3	< 1.1.2-r2	1.1.2-r2	Sep 6, 2024	Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CVE-2024-24791	Hig	7.5	< 1.1.2-r1	1.1.2-r1	Jul 2, 2024	The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the co
CVE-2023-45288	Hig	7.5	< 1.1.0-r1	1.1.0-r1	Apr 4, 2024	An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma

CVE-2024-45338MedDec 18, 2024
affected < 1.2.0-r1fixed 1.2.0-r1
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
CVE-2024-34158HigSep 6, 2024
affected < 1.1.2-r2fixed 1.1.2-r2
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2024-34156HigSep 6, 2024
affected < 1.1.2-r2fixed 1.1.2-r2
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
CVE-2024-34155MedSep 6, 2024
affected < 1.1.2-r2fixed 1.1.2-r2
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CVE-2024-24791HigJul 2, 2024
affected < 1.1.2-r1fixed 1.1.2-r1
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the co
CVE-2023-45288HigApr 4, 2024
affected < 1.1.0-r1fixed 1.1.0-r1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma

Page 2 of 2