CVE-2024-9676
Published: Oct 15, 2024
Modified: Apr 24, 2026
CVSS v3.1
6.5
Description
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
| Vendor | Product | Versions |
|---|---|---|
Unknown | containers/storage | affected 0 - < 1.55.1 |
Red Hat | Red Hat Enterprise Linux 8 | unaffected 8100020241101101019.afee755d - < * |
Red Hat | Red Hat Enterprise Linux 9 | unaffected 4:4.9.4-16.el9_4 - < * |
Red Hat | Red Hat Enterprise Linux 9 | unaffected 4:5.2.2-9.el9_5 - < * |
Red Hat | Red Hat Enterprise Linux 9 | unaffected 2:1.37.5-1.el9_5 - < * |
Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | unaffected 2:1.33.11-1.el9_4 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.12 | unaffected 0:1.25.5-30.rhaos4.12.git53dc492.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.13 | unaffected 0:1.26.5-26.rhaos4.13.giteb3d487.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.14 | unaffected 0:1.27.8-12.rhaos4.14.git7597c43.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.14 | unaffected v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.15 | unaffected 0:1.28.11-5.rhaos4.15.git35a2431.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.15 | unaffected v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.16 | unaffected 0:1.29.9-6.rhaos4.16.gite7bd45a.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.16 | unaffected 4:4.9.4-12.rhaos4.16.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.16 | unaffected v4.16.0-202503121138.p0.g31c3c26.assembly.stream.el9 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.17 | unaffected 0:1.30.6-6.rhaos4.17.git6ac6e96.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.17 | unaffected 5:5.2.2-1.rhaos4.17.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.17 | unaffected v4.17.0-202501281204.p0.ga753153.assembly.stream.el9 - < * |
Red Hat | OpenShift Developer Tools and Services | All versions |
Red Hat | OpenShift Developer Tools and Services | All versions |
Red Hat | OpenShift Developer Tools and Services | All versions |
Red Hat | Red Hat Enterprise Linux 10 | All versions |
Red Hat | Red Hat Enterprise Linux 10 | All versions |
Red Hat | Red Hat Enterprise Linux 10 | All versions |
Red Hat | Red Hat Enterprise Linux 9 | All versions |
Red Hat | Red Hat Enterprise Linux 9 | All versions |
Red Hat | Red Hat OpenShift Container Platform 4 | All versions |
Red Hat | Red Hat OpenShift Container Platform 4 | All versions |
Red Hat | Red Hat OpenShift Container Platform 4 | All versions |
Red Hat | Red Hat Quay 3 | All versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now