apk package
chainguard/dogstatsd-7.77
pkg:apk/chainguard/dogstatsd-7.77
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-53488 | hig | — | < 7.77.3-r17 | 7.77.3-r17 | Jun 19, 2026 | ### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f | |
| CVE-2026-47262 | — | < 7.77.3-r17 | 7.77.3-r17 | Jun 19, 2026 | ### Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the contai | ||
| CVE-2026-42506 | Med | 6.1 | < 7.77.3-r11 | 7.77.3-r11 | May 22, 2026 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. | |
| CVE-2026-42502 | Med | 6.1 | < 7.77.3-r11 | 7.77.3-r11 | May 22, 2026 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. | |
| CVE-2026-39821 | Cri | 9.6 | < 7.77.3-r11 | 7.77.3-r11 | May 22, 2026 | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in program | |
| CVE-2026-27136 | Med | 6.1 | < 7.77.3-r11 | 7.77.3-r11 | May 22, 2026 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. | |
| CVE-2026-25681 | Med | 6.1 | < 7.77.3-r11 | 7.77.3-r11 | May 22, 2026 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. | |
| CVE-2026-25680 | Med | 6.5 | < 7.77.3-r11 | 7.77.3-r11 | May 22, 2026 | Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. | |
| CVE-2026-46680 | hig | — | < 7.77.3-r13 | 7.77.3-r13 | May 21, 2026 | ### Impact A bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the con | |
| CVE-2026-33814 | Hig | 7.5 | < 7.77.3-r10 | 7.77.3-r10 | May 7, 2026 | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. | |
| CVE-2026-29181 | Hig | 7.5 | < 7.77.3-r4 | 7.77.3-r4 | Apr 7, 2026 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many bagg | |
| CVE-2026-27141 | Hig | 7.5 | < 7.77.3-r1 | 7.77.3-r1 | Feb 26, 2026 | Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic | |
| CVE-2025-67499 | — | < 7.77.3-r14 | 7.77.3-r14 | Dec 9, 2025 | The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftabl |
- affected < 7.77.3-r17fixed 7.77.3-r17
### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f
- CVE-2026-47262Jun 19, 2026affected < 7.77.3-r17fixed 7.77.3-r17
### Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the contai
- affected < 7.77.3-r11fixed 7.77.3-r11
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
- affected < 7.77.3-r11fixed 7.77.3-r11
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
- affected < 7.77.3-r11fixed 7.77.3-r11
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in program
- affected < 7.77.3-r11fixed 7.77.3-r11
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
- affected < 7.77.3-r11fixed 7.77.3-r11
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
- affected < 7.77.3-r11fixed 7.77.3-r11
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.
- affected < 7.77.3-r13fixed 7.77.3-r13
### Impact A bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the con
- affected < 7.77.3-r10fixed 7.77.3-r10
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
- affected < 7.77.3-r4fixed 7.77.3-r4
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many bagg
- affected < 7.77.3-r1fixed 7.77.3-r1
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
- CVE-2025-67499Dec 9, 2025affected < 7.77.3-r14fixed 7.77.3-r14
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftabl