trivy: ignore unfixed CVEs (#5060)
The `distroless/base-nossl` image has a few `LOW` Severity CVEs that
have not been fixed yet and is blocking the CI from passing

```
envoy-proxy/gateway-dev:f6bb7f8c73cff74c0f44410c5b73d37f2178e0cc (debian 12.8)
==============================================================================
Total: 7 (UNKNOWN: 0, LOW: 7, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌─────────┬──────────────────┬──────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │  Vulnerability   │ Severity │  Status  │ Installed Version │ Fixed Version │                            Title                            │
├─────────┼──────────────────┼──────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libc6   │ CVE-2010-4756    │ LOW      │ affected │ 2.36-9+deb12u9    │               │ glibc: glob implementation can cause excessive CPU and      │
│         │                  │          │          │                   │               │ memory consumption due to...                                │
│         │                  │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2010-4756                   │
│         ├──────────────────┤          │          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│         │ CVE-2018-20796   │          │          │                   │               │ glibc: uncontrolled recursion in function                   │
│         │                  │          │          │                   │               │ check_dst_limits_calc_pos_1 in posix/regexec.c              │
│         │                  │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2018-20796                  │
│         ├──────────────────┤          │          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010022 │          │          │                   │               │ glibc: stack guard protection bypass                        │
│         │                  │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2019-1010022                │
│         ├──────────────────┤          │          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010023 │          │          │                   │               │ glibc: running ldd on malicious ELF leads to code execution │
│         │                  │          │          │                   │               │ because of...                                               │
│         │                  │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2019-1010023                │
│         ├──────────────────┤          │          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010024 │          │          │                   │               │ glibc: ASLR bypass using cache of thread stack and heap     │
│         │                  │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2019-1010024                │
│         ├──────────────────┤          │          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│         │ CVE-2019-1010025 │          │          │                   │               │ glibc: information disclosure of heap addresses of          │
│         │                  │          │          │                   │               │ pthread_created thread                                      │
│         │                  │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2019-1010025                │
│         ├──────────────────┤          │          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│         │ CVE-2019-9192    │          │          │                   │               │ glibc: uncontrolled recursion in function                   │
│         │                  │          │          │                   │               │ check_dst_limits_calc_pos_1 in posix/regexec.c              │
│         │                  │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2019-9192                   │
└─────────┴──────────────────┴──────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
```
https://github.com/envoyproxy/gateway/actions/runs/12759297476/job/35562816116

Relates to #5034

Signed-off-by: Arko Dasgupta <[email protected]>
Co-authored-by: Guy Daich <[email protected]>
arkodg and guydc authored Jan 23, 2025
1 parent d1eafbc commit 94fc607
1 change: 1 addition & 0 deletions .github/workflows/trivy.yml
Expand Up @@ -29,3 +29,4 @@ jobs:
with:
image-ref: envoy-proxy/gateway-dev:${{ github.sha }}
exit-code: '1'
ignore-unfixed: true
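Review bot: `ignore-unfixed: true` is broader than the commit message suggests. It drops every finding that has no Fixed Version, at any severity, so a future unfixed HIGH or CRITICAL CVE in the base image would also stop failing the `exit-code: '1'` gate, not only the seven LOW glibc entries shown above. If the goal is just to unblock CI on those known entries, listing their CVE IDs in a `.trivyignore` file keeps the gate active for new unfixed findings; if the blanket setting is kept, a comment on this line pointing at #5034 would record why and when it can be revisited.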
