GitLab

Created by: armorcodegithubpreprod[bot]

Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:Memory Leak

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): ><232-25+deb9u8
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package. See How to fix? for Debian:9 relevant versions.

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the _CMDLINE= entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

References

• Debian Security Announcement
• Debian Security Tracker
• REDHAT
• RedHat Bugzilla Bug
• RHSA Security Advisory
• Security Focus

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libpng1.6 package.

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

References

• Debian Security Tracker
• GitHub Issue
• Oracle Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---

Component Details

• Exploit Maturity: no-known-exploit
• Vulnerable Package: -
• Current Version: -
• Vulnerable Version(s): >*
• Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream tiff package.

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

References

• ADVISORY
• Bugtraq Mailing List
• CONFIRM
• Debian Security Tracker
• GENTOO
• MISC
• MISC
• MLIST
• OpenSuse Security Announcement
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Origin : null Type : null Image Id : null

Snyk Project Status: Active

---

---