Vulnerability Report: GO-2022-0417

CVE-2022-27651, GHSA-c3g4-w6cv-6v7h
Affects: github.com/containers/buildah
Published: Jul 01, 2022
Modified: May 20, 2024

Containers are created with non-empty inheritable Linux process capabilities, permitting programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug does not affect the container security sandbox, as the inheritable set never contains more capabilities than are included in the container's bounding set.

Affected Packages

Path

Go Versions

Symbols
github.com/containers/buildah

before v1.25.0
- Builder.Run
github.com/containers/buildah/chroot

before v1.25.0
1 unexported affected symbols
- setCapabilities

Aliases

CVE-2022-27651
GHSA-c3g4-w6cv-6v7h

References

https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
https://bugzilla.redhat.com/show_bug.cgi?id=2066840
https://vuln.go.dev/ID/GO-2022-0417.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL