High vulnerability CVE-2023-6246 and CVE-2023-6779

Question

High vulnerability CVE-2023-6246 and CVE-2023-6779

yarongol opened this issue 7 months ago · 1 comments

Can you please relate/help fix the following new vulnerability?
Thanks

trivy image registry.k8s.io/git-sync/git-sync:v4.2.0 --severity HIGH,CRITICAL --ignore-unfixed
2024-02-05T07:08:47.078+0200 INFO Vulnerability scanning is enabled
......

registry.k8s.io/git-sync/git-sync:v4.2.0 (debian 12.4)

Total: 2 (HIGH: 2, CRITICAL: 0)

┌─────────┬───────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────┼───────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ libc6 │ CVE-2023-6246 │ HIGH │ fixed │ 2.36-9+deb12u3 │ 2.36-9+deb12u4 │ glibc: heap-based buffer overflow in __vsyslog_internal() │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-6246 │
│ ├───────────────┤ │ │ │ ├───────────────────────────────────────────────────────────┤
│ │ CVE-2023-6779 │ │ │ │ │ glibc: off-by-one heap-based buffer overflow in │
│ │ │ │ │ │ │ __vsyslog_internal() │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-6779 │
└─────────┴───────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

Answer 1 · 2024-02-06T17:54:27.000Z

https://github.com/kubernetes/git-sync/releases/tag/v4.2.1