Snyk - Open Source Security

Snyk test report

June 16th 2024, 12:16:25 am (UTC+00:00)

Scanned the following path:
  • public.ecr.aws/docker/library/haproxy:2.6.17-alpine/docker/library/haproxy (apk)
3 known vulnerabilities
22 vulnerable dependency paths
18 dependencies
Project: docker-image|public.ecr.aws/docker/library/haproxy
Path: public.ecr.aws/docker/library/haproxy:2.6.17-alpine/docker/library/haproxy
Package Manager: apk

Use After Free

medium severity

  • Package Manager: alpine:3.20
  • Vulnerable module: busybox/busybox
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28

Detailed paths

  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine busybox/busybox@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine alpine-baselayout/alpine-baselayout@3.6.5-r0 busybox/busybox-binsh@1.36.1-r28 busybox/busybox@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine busybox/busybox-binsh@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine alpine-baselayout/alpine-baselayout@3.6.5-r0 busybox/busybox-binsh@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine ca-certificates/ca-certificates@20240226-r0 busybox/busybox-binsh@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine busybox/ssl_client@1.36.1-r28

NVD Description

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. See How to fix? for Alpine:3.20 relevant fixed versions and status.

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

Remediation

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

Use After Free

medium severity

  • Package Manager: alpine:3.20
  • Vulnerable module: busybox/busybox
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28

Detailed paths

  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine busybox/busybox@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine alpine-baselayout/alpine-baselayout@3.6.5-r0 busybox/busybox-binsh@1.36.1-r28 busybox/busybox@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine busybox/busybox-binsh@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine alpine-baselayout/alpine-baselayout@3.6.5-r0 busybox/busybox-binsh@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine ca-certificates/ca-certificates@20240226-r0 busybox/busybox-binsh@1.36.1-r28
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine busybox/ssl_client@1.36.1-r28

NVD Description

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. See How to fix? for Alpine:3.20 relevant fixed versions and status.

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

Remediation

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

CVE-2024-4741

low severity

  • Package Manager: alpine:3.20
  • Vulnerable module: openssl/libcrypto3
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2

Detailed paths

  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine openssl/libcrypto3@3.3.0-r2
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine .haproxy-rundeps@20240524.005458 openssl/libcrypto3@3.3.0-r2
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine apk-tools/apk-tools@2.14.4-r0 openssl/libcrypto3@3.3.0-r2
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine busybox/ssl_client@1.36.1-r28 openssl/libcrypto3@3.3.0-r2
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine ca-certificates/ca-certificates@20240226-r0 openssl/libcrypto3@3.3.0-r2
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine .haproxy-rundeps@20240524.005458 openssl/libssl3@3.3.0-r2 openssl/libcrypto3@3.3.0-r2
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine openssl/libssl3@3.3.0-r2
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine .haproxy-rundeps@20240524.005458 openssl/libssl3@3.3.0-r2
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine apk-tools/apk-tools@2.14.4-r0 openssl/libssl3@3.3.0-r2
  • Introduced through: docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine busybox/ssl_client@1.36.1-r28 openssl/libssl3@3.3.0-r2

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.