CVE-2024-3727

Aliases:GHSA-6wvf-f2vw-3425GO-2024-2842

Advisory lineage Upstream: 0 Downstream: 39

Downstream

DEBIAN-CVE-2024-3727 MGASA-2024-0343 OPENSUSE-SU-2024:0244-1 OPENSUSE-SU-2024:13951-1 OPENSUSE-SU-2024:13952-1 OPENSUSE-SU-2024:13960-1

Deferred

Published: 09 May 2024, 14:57

Last modified:02 Jun 2026, 17:34

Vulnerability Summary

Overall Risk (default)

medium

33/100

CVSS Score

8.3 HIGH

v3.1 (cve.org)

EPSS Score

0.68% LOW

1% probability +0.12%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

09 May 2024, 14:57

Published

Vulnerability first disclosed

02 Jun 2026, 17:34

Last Modified

Vulnerability information updated

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

CVSS Metrics

v3.1•HIGH•Score: 8.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.68%• Percentile: 72%

Techniques & Countermeasures

CWE-354•Improper Validation of Integrity Check Value
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Affected Systems

github.com/containers•image
< 5.30.1
github.com/containers/image•v5
< 5.29.3 | ≥ 5.30.0, < 5.30.1