Security Vulnerabilities Detected in Container Scan Report #746

@enilegu

Description

A recent security scan of the container image registry.access.redhat.com/ubi9/ubi:9.4 has identified multiple vulnerabilities with varying severity levels. The scan was conducted using Trivy Version: 0.60.0, and the advisories were last updated on 2025-03-25.

Summary of Findings:

  • Total Vulnerabilities Detected: 134
  • High Severity Vulnerabilities: 2
    • CVE-2024-12797 - Vulnerability in openssl related to raw public keys leading to potential man-in-the-middle attacks.
    • CVE-2024-56171 - Use-after-free vulnerability in libxml2 that may lead to exploitation through crafted XML documents.
  • Medium Severity Vulnerabilities: 16
    • CVE-2025-0395 - Buffer overflow in glibc when the assert function fails, potentially leading to application crashes.
    • CVE-2021-3997 - Uncontrolled recursion in systemd leading to denial of service at boot time.
    • CVE-2024-10041 - Vulnerability in PAM allowing potential password leaks.
    • CVE-2024-52533 - Buffer overflow in glib2 due to off-by-one error.
    • CVE-2024-50602 - Crash in libexpat due to improper parser handling.
  • Low Severity Vulnerabilities: 116

Action Required:

  • Review the vulnerabilities listed in the scan report (especially High vulnerabilities).
  • Assess the impact on the application and determine necessary remediation steps.
  • Consider updating or patching affected packages to mitigate risks.

Attachments:

  • Full Report can be found here

Priority: High

Please address this issue promptly to ensure the security and integrity of the application.
