kubernetes / node-problem-detector

This is a place for various problem detectors running on the Kubernetes nodes.
Apache License 2.0

CVE-2022-37434: zlib1g version 1:1.2.11.dfsg-1 #902

Closed levu74 closed 2 months ago

levu74 commented 2 months ago

I would like to report this CVE, which currently affects v0.8.18.

Description

The package zlib1g version 1:1.2.11.dfsg-1, detected by the APT package manager on a container image running Debian 10.1, is vulnerable to CVE-2022-37434, which exists in versions < 1:1.2.11.dfsg-1+deb10u2.

The vulnerability was found in the Official Debian Security Advisories with vendor severity: Critical (NVD severity: Critical).

This vulnerability has a known exploit available. Source: Github [1, 2, 3].

The vulnerability can be remediated by updating the package to version 1:1.2.11.dfsg-1+deb10u2 or higher, by adding the following command to the Dockerfile: RUN apt upgrade zlib1g.

levu74 commented 2 months ago

Sorry, it was my mistake when checking the version. The current version is 1.2.13 and is not vulnerable. So I closed this issue. Sorry for the inconvenience.