Open
Labels
help wanted (Extra attention is needed)
Description
Hello @DCMattyG
We recently ran a scan on the images created from ipam, and it looks like there are some critical vulnerabilities in the code. Here is the attached screenshot of the same. I tried to create the issue in the Security category, but that was going to a different route. I just wanted to let you know about this. I am not sure if there are fixes available or whether you might have come across some fixes.
| Severity | CVSS | ID | Summary | Recommended action |
|---|---|---|---|---|
| Critical | 9.8 | CVE-2023-45853 | zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 | No fix available |
| Critical | 9.8 | CVE-2025-6965 | sqlite: Integer Truncation in SQLite | No fix available |
| Critical | 9.8 | CVE-2025-57807 | imagemagick: ImageMagick BlobStream Forward-Seek Under-Allocation | Update to 8:6.9.11.60+dfsg-1.3+deb11u6 |
| Critical | 9.8 | CVE-2025-53014 | ImageMagick: ImageMagick Heap Buffer Overflow | Update to 8:6.9.11.60+dfsg-1.3+deb11u6 |
| Critical | 9.8 | CVE-2019-8457 | sqlite: heap out-of-bound read in function rtreenode() | No fix available |
| Critical | 9.1 | CVE-2023-23914 | curl: HSTS ignored on multiple requests | No fix available |
| Critical | 9.8 | CVE-2023-6879 | aom: heap-buffer-overflow on frame size change | No fix available |
| Critical | No data | CVE-2025-7783 | form-data: Unsafe random function in form-data | Update to fixed version |
| Critical | No data | CVE-2024-24790 | golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses | Update to fixed version |
I can share more details if needed. Please let me know if you have any input.