INFCSA-2024:11217: skopeo security update
Information about definition
Identificator: INFCSA-2024:11217
Type: security
Release date: 2025-09-24 19:52:27 UTC
Information about package
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Vulnerabilities description
- CVE-2024-34156
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-34156
|
no information | 7.5 | no information |
Updated packages
Preparing to download...