Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:Use After Free

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
  NVD Description
  
  Note: Versions mentioned in the description apply to the upstream tiff package.

DISPUTED In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
  NVD Description
  
  Note: Versions mentioned in the description apply to the upstream libsepol package.

The CIL compiler in SELinux 3.2 has a use-after-free in cil_verify_classperms (called from verify_map_perm_classperms and hashtab_map).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
  NVD Description
  
  Note: Versions mentioned in the description apply to the upstream libsepol package.

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
  NVD Description
  
  Note: Versions mentioned in the description apply to the upstream libsepol package.

The CIL compiler in SELinux 3.2 has a use-after-free in cil_verify_classperms (called from cil_verify_classpermission and __cil_pre_verify_helper).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
  NVD Description
  
  Note: Versions mentioned in the description apply to the upstream sqlite3 package.

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
  NVD Description
  
  Note: Versions mentioned in the description apply to the upstream libxkbcommon package.

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

teerth04 / ticket