INFSA-2025:7459: buildah security update
Information about definition
Identificator: INFSA-2025:7459
Type: security
Release date: 2025-07-15 19:28:53 UTC
Information about package
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Vulnerabilities description
- CVE-2025-27144
A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of . characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|
Updated packages