Skip to content

Commit

Permalink
document that CVE-2024-33599 does not affect Kiali (#845)
Browse files Browse the repository at this point in the history
  • Loading branch information
jmazzitelli authored Dec 23, 2024
1 parent cffaa3f commit 1ad8429
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions data/security/cve.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# The Reported Kiali CVEs for which Kiali is confirmed to not be vulnerable
versionRange:
- cve: "CVE-2024-33599"
severity: high
description: "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow"
notes: "Kiali is not affected. As per the CVE description (see https://www.cve.org/CVERecord?id=CVE-2024-33599), this vulnerability is only present in the nscd binary. The Kiali Server image does not have this binary; run this command to confirm: podman run --user root -it --rm --entrypoint '' quay.io/kiali/kiali:v2.2.0 ls -R / | grep nscd"
- cve: "CVE-2024-2961"
severity: n/a
description: "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set"
Expand Down

0 comments on commit 1ad8429

Please sign in to comment.