Trivy not found CVE-2024-3094

[prshoper]

Description

trivy image --scanners vuln,misconfig,secret debian:experimental-20240311@sha256:16cc2b09c44d991d36f63153f13a7c98fb7da6bd2ba9d7cc0f48baacb7484970
2024-04-02T11:28:15.988+0200 INFO Vulnerability scanning is enabled
2024-04-02T11:28:15.988+0200 INFO Misconfiguration scanning is enabled
2024-04-02T11:28:15.989+0200 INFO Secret scanning is enabled
2024-04-02T11:28:15.989+0200 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-04-02T11:28:15.989+0200 INFO Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection
2024-04-02T11:28:18.831+0200 INFO Detected OS: debian
2024-04-02T11:28:18.831+0200 WARN This OS version is not on the EOL list: debian trixie/sid
2024-04-02T11:28:18.831+0200 INFO Detecting Debian vulnerabilities...
2024-04-02T11:28:18.831+0200 INFO Number of language-specific files: 0
2024-04-02T11:28:18.831+0200 INFO Detected config files: 0

debian:experimental-20240311@sha256:16cc2b09c44d991d36f63153f13a7c98fb7da6bd2ba9d7cc0f48baacb7484970 (debian trixie/sid)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Desired Behavior

Find CVE-2024-3094

Grype output for same image:

grype debian:experimental-20240311@sha256:16cc2b09c44d991d36f63153f13a7c98fb7da6bd2ba9d7cc0f48baacb7484970
✔ Vulnerability DB [updated]
✔ Pulled image
✔ Loaded image debian:experimental-20240311@sha256:16cc2b09c44d991d36f63153f13a7c98fb7da6bd2ba9d7cc0f48baacb7484970
✔ Parsed image sha256:73f666b9d7eeb0303c4be0379f18a1040c0e1fd3486d4e74341b43d0a324b1fb
✔ Cataloged contents fa9db625a471472c7aa3fe8b4567aa36a7445a4d1ad94a8efeecb8b26f669230
├── ✔ Packages [87 packages]
├── ✔ File digests [4,212 files]
├── ✔ File metadata [4,212 locations]
└── ✔ Executables [692 executables]
✔ Scanned for vulnerabilities [56 vulnerability matches]
├── by severity: 1 critical, 0 high, 4 medium, 1 low, 43 negligible (7 unknown)
└── by status: 8 fixed, 48 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
apt 2.7.13+b1 deb CVE-2011-3374 Negligible
bsdutils 1:2.39.3-10 deb CVE-2022-0563 Negligible
bsdutils 1:2.39.3-10 2.39.3-11 deb CVE-2024-28085 Unknown
coreutils 9.4-3+b1 deb CVE-2024-0684 Medium
coreutils 9.4-3+b1 deb CVE-2016-2781 Low
coreutils 9.4-3+b1 deb CVE-2017-18018 Negligible
gpgv 2.2.40-1.1+b1 deb CVE-2022-3219 Negligible
libapt-pkg6.0t64 2.7.13+b1 deb CVE-2011-3374 Negligible
libblkid1 2.39.3-10 deb CVE-2022-0563 Negligible
libblkid1 2.39.3-10 2.39.3-11 deb CVE-2024-28085 Unknown
libc-bin 2.37-15.1 deb CVE-2019-9192 Negligible
libc-bin 2.37-15.1 deb CVE-2019-1010025 Negligible
libc-bin 2.37-15.1 deb CVE-2019-1010024 Negligible
libc-bin 2.37-15.1 deb CVE-2019-1010023 Negligible
libc-bin 2.37-15.1 deb CVE-2019-1010022 Negligible
libc-bin 2.37-15.1 deb CVE-2018-20796 Negligible
libc-bin 2.37-15.1 deb CVE-2010-4756 Negligible
libc6 2.37-15.1 deb CVE-2019-9192 Negligible
libc6 2.37-15.1 deb CVE-2019-1010025 Negligible
libc6 2.37-15.1 deb CVE-2019-1010024 Negligible
libc6 2.37-15.1 deb CVE-2019-1010023 Negligible
libc6 2.37-15.1 deb CVE-2019-1010022 Negligible
libc6 2.37-15.1 deb CVE-2018-20796 Negligible
libc6 2.37-15.1 deb CVE-2010-4756 Negligible
libgcrypt20 1.10.3-2 deb CVE-2024-2236 Medium
libgcrypt20 1.10.3-2 deb CVE-2018-6829 Negligible
libgnutls30t64 3.8.3-1.1 deb CVE-2024-28835 Medium
libgnutls30t64 3.8.3-1.1 deb CVE-2024-28834 Medium
libgnutls30t64 3.8.3-1.1 deb CVE-2011-3389 Negligible
liblzma5 5.6.0-0.2 5.6.1+really5.4.5-1 deb CVE-2024-3094 Critical
libmount1 2.39.3-10 deb CVE-2022-0563 Negligible
libmount1 2.39.3-10 2.39.3-11 deb CVE-2024-28085 Unknown
libsmartcols1 2.39.3-10 deb CVE-2022-0563 Negligible
libsmartcols1 2.39.3-10 2.39.3-11 deb CVE-2024-28085 Unknown
libssl3t64 3.1.5-1.1 deb CVE-2010-0928 Negligible
libssl3t64 3.1.5-1.1 deb CVE-2007-6755 Negligible
libsystemd0 255.4-1 deb CVE-2023-31439 Negligible
libsystemd0 255.4-1 deb CVE-2023-31438 Negligible
libsystemd0 255.4-1 deb CVE-2023-31437 Negligible
libsystemd0 255.4-1 deb CVE-2013-4392 Negligible
libudev1 255.4-1 deb CVE-2023-31439 Negligible
libudev1 255.4-1 deb CVE-2023-31438 Negligible
libudev1 255.4-1 deb CVE-2023-31437 Negligible
libudev1 255.4-1 deb CVE-2013-4392 Negligible
libuuid1 2.39.3-10 deb CVE-2022-0563 Negligible
libuuid1 2.39.3-10 2.39.3-11 deb CVE-2024-28085 Unknown
login 1:4.13+dfsg1-4 deb CVE-2019-19882 Negligible
login 1:4.13+dfsg1-4 deb CVE-2007-5686 Negligible
mount 2.39.3-10 deb CVE-2022-0563 Negligible
mount 2.39.3-10 2.39.3-11 deb CVE-2024-28085 Unknown
passwd 1:4.13+dfsg1-4 deb CVE-2019-19882 Negligible
passwd 1:4.13+dfsg1-4 deb CVE-2007-5686 Negligible
perl-base 5.38.2-3.2 deb CVE-2011-4116 Negligible
tar 1.35+dfsg-3 deb CVE-2005-2541 Negligib

Actual Behavior

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Reproduction Steps

just run command

Target

Container Image

Scanner

Vulnerability

Output Format

None

Mode

Standalone

Debug Output

trivy image --scanners vuln,misconfig,secret debian:experimental-20240311@sha256:16cc2b09c44d991d36f63153f13a7c98fb7da6bd2ba9d7cc0f48baacb7484970 --debug
2024-04-02T11:29:39.543+0200	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-04-02T11:29:39.543+0200	DEBUG	Ignore statuses	{"statuses": null}
2024-04-02T11:29:39.550+0200	DEBUG	cache dir:  /Users/pawelrosada/Library/Caches/trivy
2024-04-02T11:29:39.550+0200	DEBUG	DB update was skipped because the local DB is the latest
2024-04-02T11:29:39.550+0200	DEBUG	DB Schema: 2, UpdatedAt: 2024-04-02 06:10:39.89998265 +0000 UTC, NextUpdate: 2024-04-02 12:10:39.899982419 +0000 UTC, DownloadedAt: 2024-04-02 09:18:53.214927 +0000 UTC
2024-04-02T11:29:39.550+0200	INFO	Vulnerability scanning is enabled
2024-04-02T11:29:39.550+0200	DEBUG	Vulnerability type:  [os library]
2024-04-02T11:29:39.550+0200	INFO	Misconfiguration scanning is enabled
2024-04-02T11:29:39.550+0200	DEBUG	Policies successfully loaded from disk
2024-04-02T11:29:39.550+0200	INFO	Secret scanning is enabled
2024-04-02T11:29:39.550+0200	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-04-02T11:29:39.550+0200	INFO	Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection
2024-04-02T11:29:39.550+0200	DEBUG	Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-04-02T11:29:40.698+0200	DEBUG	No secret config detected: trivy-secret.yaml
2024-04-02T11:29:40.716+0200	DEBUG	The nuget packages directory couldn't be found. License search disabled
2024-04-02T11:29:40.742+0200	DEBUG	No secret config detected: trivy-secret.yaml
2024-04-02T11:29:40.938+0200	DEBUG	Image ID: sha256:661cab90af1ccd1ba977d6aa9abbc607707db8681930ac567868def8dde7d766
2024-04-02T11:29:40.938+0200	DEBUG	Diff IDs: [sha256:0f28dfebbf3451ccfe3d5b11d17bc38cc8d1c4e721b842969466dc7989d835e3 sha256:6274af744dca4b28966eb8bfa1ca7985ec8ce974f9e8e25215281d6b6c3fbf65]
2024-04-02T11:29:40.938+0200	DEBUG	Base Layers: [sha256:0f28dfebbf3451ccfe3d5b11d17bc38cc8d1c4e721b842969466dc7989d835e3]
2024-04-02T11:29:40.974+0200	INFO	Detected OS: debian
2024-04-02T11:29:40.974+0200	WARN	This OS version is not on the EOL list: debian trixie/sid
2024-04-02T11:29:40.974+0200	INFO	Detecting Debian vulnerabilities...
2024-04-02T11:29:40.974+0200	DEBUG	debian: os version: trixie/sid
2024-04-02T11:29:40.974+0200	DEBUG	debian: the number of packages: 86
2024-04-02T11:29:40.974+0200	INFO	Number of language-specific files: 0
2024-04-02T11:29:40.974+0200	INFO	Detected config files: 0

debian:experimental-20240311@sha256:16cc2b09c44d991d36f63153f13a7c98fb7da6bd2ba9d7cc0f48baacb7484970 (debian trixie/sid)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Operating System

MacOS 14.4.1 (23E224)

Version

trivy --version
Version: 0.50.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-04-02 06:10:39.89998265 +0000 UTC
  NextUpdate: 2024-04-02 12:10:39.899982419 +0000 UTC
  DownloadedAt: 2024-04-02 09:18:53.214927 +0000 UTC
Policy Bundle:
  Digest: sha256:cdff1bc8c97e4f5cd04782b057c00f5ea8cd81147a506ac4be76bef13710f2d3
  DownloadedAt: 2024-04-02 09:18:53.751355 +0000 UTC

Checklist

• Run trivy image --reset
• Read the troubleshooting

[knqyf263]

Duplicate #6418