PT-2024-20002 · BuildKit+5

Cpuguy83 · Published 2024-01-31 · Updated 2026-05-18 · CVE-2024-23650

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

BuildKit versions prior to 0.12.5

Description

A malicious BuildKit client or frontend could craft a request that causes the BuildKit daemon to crash with a panic. The issue is related to the conversion of source code to build artifacts. As a workaround, avoid using BuildKit frontends from untrusted sources.

Recommendations

For versions prior to 0.12.5, update to version 0.12.5 to resolve the issue. As a temporary workaround, consider avoiding the use of BuildKit frontends from untrusted sources until the issue is resolved.

Exploit

Fix

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
AZL-34080
AZL-34083
AZL-35003
AZL-35432
AZL-35438
CESA-2024_2988
CLEANSTART-2026-BK59402
CLEANSTART-2026-BN11148
CLEANSTART-2026-GY69323
CLEANSTART-2026-HI89495
CLEANSTART-2026-HL71566
CLEANSTART-2026-JD48541
CLEANSTART-2026-OS18490
CLEANSTART-2026-SB85645
CLEANSTART-2026-SP51034
CLEANSTART-2026-TD34476
CLEANSTART-2026-XL45869
CLEANSTART-2026-YB44027
CLEANSTART-2026-ZM20570
CVE-2024-23650
GHSA-9P26-698R-W4HX
GO-2024-2492
INFSA-2024_2988
OPENSUSE-SU-2024:14059-1
OPENSUSE-SU-2024:14598-1
OPENSUSE-SU-2025_0226-1
RHSA-2024:2988
RHSA-2024_2988
SUSE-SU-2025:0226-1
SUSE-SU-2025:03540-1
SUSE-SU-2025:03545-1
SUSE-SU-2025:1062-1
SUSE-SU-2025:1102-1
SUSE-SU-2025_0226-1
SUSE-SU-2026:0972-1
SUSE-SU-2026:1118-1

Affected Products

Astra Linux
BuildKit
CentOS
Red Hat
Rocky Linux
SUSE