New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2019-25067 #21628
Comments
Podman has not used varlink for many years. |
Thanks for the feedback. We are happy to update the CVE entry as quickly as possible. Yes, the assignment was based on the disclosure of https://www.exploit-db.com/exploits/47500 It mentions to have been tested on version 1.5.1 which was released in August 2019: https://github.com/containers/podman/releases/tag/v1.5.1 To me it is unclear whether CVE-2019-25067 is a duplicate of CVE-2019-10152 or if it is a false-positive at all. |
Since VulDB assigned and wrote the description for CVE-2019-25067, is VulDB able to determine if it duplicates CVE-2019-10152 (and possibly other CVEs)? Can your CNA determine the "unknown part of the component API" mentioned in CVE-2019-25067?
|
Was podman contacted about CVE assignment CVE-2019-25067 [0]? Do you agree with this assignment?
My hunch is that a CNA assigned this CVE based on an entry in exploit-db [1]. I didn't look closely, but this exploit mentions several vulnerabilities which may have already been addressed, such as CVE-2019-10152 [2].
[0] https://nvd.nist.gov/vuln/detail/CVE-2019-25067
[1] https://www.exploit-db.com/exploits/47500
[2] https://nvd.nist.gov/vuln/detail/CVE-2019-10152
The text was updated successfully, but these errors were encountered: