apk package
chainguard/datadog-agent-7.74-full
pkg:apk/chainguard/datadog-agent-7.74-full
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-39817 | Med | 5.9 | < 7.74.1-r14 | 7.74.1-r14 | May 7, 2026 | The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem. | |
| CVE-2026-33814 | Hig | 7.5 | < 7.74.1-r16 | 7.74.1-r16 | May 7, 2026 | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. | |
| CVE-2026-33811 | Hig | 7.5 | < 7.74.1-r14 | 7.74.1-r14 | May 7, 2026 | When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. | |
| CVE-2026-32287 | Hig | 7.5 | < 7.74.1-r14 | 7.74.1-r14 | Mar 26, 2026 | Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()". |
- affected < 7.74.1-r14fixed 7.74.1-r14
The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem.
- affected < 7.74.1-r16fixed 7.74.1-r16
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
- affected < 7.74.1-r14fixed 7.74.1-r14
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
- affected < 7.74.1-r14fixed 7.74.1-r14
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
Page 2 of 2