CVE Vulnerabilities

CVE-2017-1002157

Use of Inherently Dangerous Function

Published: Jan 10, 2019 | Modified: Nov 21, 2024

CVSS 3.x

9.8

CRITICAL

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x

7.5 HIGH

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-1002157
CWE	https://cwe.mitre.org/data/definitions/242.html

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

Weakness

The product calls a function that can never be guaranteed to work safely.

Affected Software

Name	Vendor	Start Version	End Version
Modulemd	Redhat	*	1.3.1 (including)

Potential Mitigations

References

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.