x/vulndb: suggestion regarding GO-2025-3543 #3578
Assignees
Labels
Comments
|
Thanks @mgabeler-lee-6rs for bringing this to our attention; a change will land to fix this issue. |
|
Change https://go.dev/cl/661075 mentions this issue: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Report ID
GO-2025-3543
Suggestion/Comment
This report is causing false positives.
The CVE is against the
youki/libcontainerRust project, however the vulndb automation has ingested it incorrectly as being against thegb.xjqchip.workers.dev/opencontainers/runcGo module. Presumably this is because the CVE references a priorruncissue as a similar prior vulnerability.This mis-association has resulted in it thinking all versions of
runcare vulnerable, when in fact none are to this particular CVE.For reference, the actual CVE against
runcthat is being referenced as similar in this new report was CVE-2022-29162 / GO-2022-0452 and was fixed nearly two years ago.The text was updated successfully, but these errors were encountered: