CVE-2022-49043 (HIGH): detected in Lambda Docker Images. #232

Open
the-lambda-watchdog opened this issue Feb 22, 2025 · 0 comments

CVE Details

| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-49043 | HIGH | libxml2 | 2.10.4-1.amzn2023.0.7 | 2.10.4-1.amzn2023.0.8 | 2025-01-26T06:15:21Z | 2025-02-22T10:18:28.437763784Z |

Affected Docker Images

| Image Name | SHA |
| --- | --- |
| public.ecr.aws/lambda/provided:latest | public.ecr.aws/lambda/provided@sha256:edcd0b012f44ce1e87bf865addb662d4be0d62b3a9d8ee72e3c4284a733343b6 |
| public.ecr.aws/lambda/provided:al2023 | public.ecr.aws/lambda/provided@sha256:edcd0b012f44ce1e87bf865addb662d4be0d62b3a9d8ee72e3c4284a733343b6 |
| public.ecr.aws/lambda/python:latest | public.ecr.aws/lambda/python@sha256:5e7e09c5bf735a8e824511117bb0e9f335b778ac2e17a07161ee1542509b98f4 |
| public.ecr.aws/lambda/python:3.13 | public.ecr.aws/lambda/python@sha256:5e7e09c5bf735a8e824511117bb0e9f335b778ac2e17a07161ee1542509b98f4 |
| public.ecr.aws/lambda/python:3.12 | public.ecr.aws/lambda/python@sha256:9e8edcbc81818fc4299e8bb08a59c944e722fcdfe15d0074901b66db1045ea38 |
| public.ecr.aws/lambda/nodejs:latest | public.ecr.aws/lambda/nodejs@sha256:1fc9848498750a3f29abd9137c19cf6cb5fc0ae9a0efe4eaf1f509966240b8c3 |
| public.ecr.aws/lambda/nodejs:22 | public.ecr.aws/lambda/nodejs@sha256:1fc9848498750a3f29abd9137c19cf6cb5fc0ae9a0efe4eaf1f509966240b8c3 |
| public.ecr.aws/lambda/nodejs:20 | public.ecr.aws/lambda/nodejs@sha256:7654dcb344a1d4c2d15177f3599324f5bd642caca9e052a3438533df9de07eee |
| public.ecr.aws/lambda/java:latest | public.ecr.aws/lambda/java@sha256:dedda857d865e1145212e92efec045404a0449601e17b353c612b10e47b9d9cd |
| public.ecr.aws/lambda/java:21 | public.ecr.aws/lambda/java@sha256:dedda857d865e1145212e92efec045404a0449601e17b353c612b10e47b9d9cd |
| public.ecr.aws/lambda/dotnet:latest | public.ecr.aws/lambda/dotnet@sha256:3bbe7634791160da9cbfb32bae45a60ee6550999c545b34c208f4ad4bccc8686 |
| public.ecr.aws/lambda/dotnet:8 | public.ecr.aws/lambda/dotnet@sha256:3bbe7634791160da9cbfb32bae45a60ee6550999c545b34c208f4ad4bccc8686 |
| public.ecr.aws/lambda/ruby:latest | public.ecr.aws/lambda/ruby@sha256:55d8f5175476ef90a7d82babe25b1cfb071daea3e7e5bae57b5cb5253bdc9633 |
| public.ecr.aws/lambda/ruby:3.3 | public.ecr.aws/lambda/ruby@sha256:55d8f5175476ef90a7d82babe25b1cfb071daea3e7e5bae57b5cb5253bdc9633 |

Description

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.


Remediation Steps

  • Update the affected package libxml2 from version 2.10.4-1.amzn2023.0.7 to 2.10.4-1.amzn2023.0.8.

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.