CVE-2023-32665 (MEDIUM): detected in Lambda Docker Images. #239

Open
the-lambda-watchdog opened this issue Feb 26, 2025 · 0 comments

CVE Details

| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-32665 | MEDIUM | glib2 | 2.56.1-9.amzn2.0.8 | 2.56.1-9.amzn2.0.9 | 2023-09-14T20:15:09.883Z | 2025-02-26T10:18:33.183255214Z |

Affected Docker Images

| Image Name | SHA |
| --- | --- |
| public.ecr.aws/lambda/provided:al2 | public.ecr.aws/lambda/provided@sha256:9bbb35073f927bd56532f9441498ce9c06b04fb54244c148b4400693b11641fa |
| public.ecr.aws/lambda/python:3.11 | public.ecr.aws/lambda/python@sha256:447be677b2514e95677a56ad0807c32bf61f3757377385bceaa99f18137c1bcd |
| public.ecr.aws/lambda/python:3.10 | public.ecr.aws/lambda/python@sha256:f5b1b5cbb2c2f856821447006ac6ff64870d0d639c05fa9546509e1e64544790 |
| public.ecr.aws/lambda/python:3.9 | public.ecr.aws/lambda/python@sha256:dc44b889161764af18484ed929cea469f9da59f26d6ce5d7d117940e50b85a63 |
| public.ecr.aws/lambda/nodejs:18 | public.ecr.aws/lambda/nodejs@sha256:ebed22079b9a4543f31b7f327de5b38d38a4f9ee6911c5ebe7a94b823d8336f6 |
| public.ecr.aws/lambda/java:17 | public.ecr.aws/lambda/java@sha256:5e75a742595ccd074c2bc03e584ef33fac28f08c1d67123d5ecfc418f09dd2ec |
| public.ecr.aws/lambda/java:11 | public.ecr.aws/lambda/java@sha256:abf66906724dccccb11893ddddc775e11f7cda0772448777a4689ef5acba90e2 |
| public.ecr.aws/lambda/java:8.al2 | public.ecr.aws/lambda/java@sha256:a0b1f006359b83dffcac639a6c17b4cb0182a329a5d3ea97359f28b6764255d7 |

Description

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.


Remediation Steps

  • Update the affected package glib2 from version 2.56.1-9.amzn2.0.8 to 2.56.1-9.amzn2.0.9.

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.