CVE-2022-4123

Name: CVE-2022-4123
Description: A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| golang-github-containers-buildah (PTS) | bullseye | 1.19.6+dfsg1-1 | vulnerable |
| | bookworm | 1.28.2+ds1-3 | vulnerable |
| | trixie | 1.33.5+ds1-4 | vulnerable |
| | sid | 1.33.7+ds1-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| golang-github-containers-buildah | source | (unstable) | (unfixed) | unimportant | | |

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2144989
Negligible security impact
