CVE-2025-4802 (HIGH): detected in Lambda Docker Images


CVE Details

CVE ID: CVE-2025-4802
Severity: HIGH
Affected Package: glibc
Installed Version: 2.34-117.amzn2023.0.1
Fixed Version: 2.34-196.amzn2023.0.1
Date Published: 2025-05-16T20:15:22.28Z
Date of Scan: 2025-06-11T10:18:22.785480155Z

Affected Docker Images

Image Name    SHA (image digest)
public.ecr.aws/lambda/provided:latest public.ecr.aws/lambda/provided@sha256:fed9eb1f995d9c1f714794e3c2223fd5a97990022eedbab6f6f0d711ba888ac6
public.ecr.aws/lambda/provided:al2023 public.ecr.aws/lambda/provided@sha256:fed9eb1f995d9c1f714794e3c2223fd5a97990022eedbab6f6f0d711ba888ac6
public.ecr.aws/lambda/python:latest public.ecr.aws/lambda/python@sha256:4a4ca5ff3639ba963e218fa66417fbcdfa19a03fd71c5011acf4e4eed542392e
public.ecr.aws/lambda/python:3.13 public.ecr.aws/lambda/python@sha256:4a4ca5ff3639ba963e218fa66417fbcdfa19a03fd71c5011acf4e4eed542392e
public.ecr.aws/lambda/python:3.12 public.ecr.aws/lambda/python@sha256:594f15713623d599aa3d2cefe4e239e40ee90bf4182c07541b517acda04f0b3f
public.ecr.aws/lambda/nodejs:latest public.ecr.aws/lambda/nodejs@sha256:2390a1ca75817a3c88c822a17999277cb001ab18850bbcad1158fba46355aa10
public.ecr.aws/lambda/nodejs:22 public.ecr.aws/lambda/nodejs@sha256:2390a1ca75817a3c88c822a17999277cb001ab18850bbcad1158fba46355aa10
public.ecr.aws/lambda/nodejs:20 public.ecr.aws/lambda/nodejs@sha256:8a7be548373be00ee065c4ec6be575871ccfb4ae5e53ce8206d1cce3deb71a19
public.ecr.aws/lambda/java:latest public.ecr.aws/lambda/java@sha256:fc18841a6f16c0319c6fb39cde8141cb214d66b83cf34bcd8d28c10414e95a66
public.ecr.aws/lambda/java:21 public.ecr.aws/lambda/java@sha256:fc18841a6f16c0319c6fb39cde8141cb214d66b83cf34bcd8d28c10414e95a66
public.ecr.aws/lambda/dotnet:latest public.ecr.aws/lambda/dotnet@sha256:d618d2a026733375c1987335e12075d4a96b8fd61fa225ca949b15343f2bfe9f
public.ecr.aws/lambda/dotnet:9 public.ecr.aws/lambda/dotnet@sha256:d618d2a026733375c1987335e12075d4a96b8fd61fa225ca949b15343f2bfe9f
public.ecr.aws/lambda/dotnet:8 public.ecr.aws/lambda/dotnet@sha256:40e5e68c03a8078247a382ad5fc8b26fc8cb654eaa181e6d1bca8a7e938b5b63
public.ecr.aws/lambda/ruby:latest public.ecr.aws/lambda/ruby@sha256:bc549ed217bf5f4bae4fbd6ee381e1de976e01b3e4092fb2ea84789838d518d4
public.ecr.aws/lambda/ruby:3.4 public.ecr.aws/lambda/ruby@sha256:bc549ed217bf5f4bae4fbd6ee381e1de976e01b3e4092fb2ea84789838d518d4
public.ecr.aws/lambda/ruby:3.3 public.ecr.aws/lambda/ruby@sha256:457200e65856c9739dea64b6793434e19d8bc734e5935629ab12eae31b407856

Description

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).


Remediation Steps

  • Update the affected package glibc from version 2.34-117.amzn2023.0.1 to 2.34-196.amzn2023.0.1. The fix is an Amazon Linux 2023 backport, so the fixed package still reports upstream version 2.34: compare the full version-release string, not the major version. In practice this means rebuilding the function image from a base image newer than the digests listed above, or updating the package in the Dockerfile, and redeploying the function.
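The following script is an added example and is not part of the Lambda Watchdog issue or of the Lambda images. It checks an image's installed glibc build against the fixed build named above, prints the Dockerfile instruction that updates it, and lists setuid binaries in the image, flagging statically linked ones, since that is the binary shape the description says this CVE needs. It assumes docker is installed and that the image contains rpm and file; the version comparison itself runs offline, and the simplified rpmvercmp it uses (no epoch, no tilde or caret handling) is enough for the amzn2023 builds in this advisory.

```shell
#!/bin/sh
# Added example (not from the Lambda Watchdog issue). Assumes docker on the
# host and rpm/file inside the image being inspected.

FIXED_GLIBC="2.34-196.amzn2023.0.1"   # "Fixed Version" from the table above

# True when $1 consists only of digits.
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# rpm_lt A B: true when version-release A sorts before B.
# Splits on '.' and '-' and compares field by field, numerically when both
# fields are digits, otherwise as strings. Simplified rpmvercmp: no epoch,
# no '~' or '^' handling.
rpm_lt() {
  a=$(printf '%s' "$1" | sed 's/[.-]/ /g')
  b=$(printf '%s' "$2" | sed 's/[.-]/ /g')
  i=1
  while :; do
    fa=$(printf '%s\n' "$a" | awk -v i="$i" '{ print $i }')
    fb=$(printf '%s\n' "$b" | awk -v i="$i" '{ print $i }')
    [ -z "$fa" ] && [ -z "$fb" ] && return 1      # identical
    [ -z "$fa" ] && return 0                      # A is a proper prefix of B
    [ -z "$fb" ] && return 1
    if is_num "$fa" && is_num "$fb"; then
      [ "$fa" -lt "$fb" ] && return 0
      [ "$fa" -gt "$fb" ] && return 1
    elif [ "$fa" != "$fb" ]; then
      [ "$(expr "$fa" \< "$fb")" = 1 ] && return 0
      return 1
    fi
    i=$((i + 1))
  done
}

# needs_update INSTALLED: true when INSTALLED is older than the fixed build.
needs_update() { rpm_lt "$1" "$FIXED_GLIBC"; }

# The Dockerfile instruction that brings glibc to the current AL2023 build.
remediation_line() { printf 'RUN dnf update -y glibc && dnf clean all\n'; }

# image_glibc IMAGE: print the installed glibc VERSION-RELEASE of an image.
image_glibc() {
  docker run --rm --entrypoint rpm "$1" -q --qf '%{VERSION}-%{RELEASE}\n' glibc
}

# list_setuid IMAGE: setuid files in the image, static ones marked. A hit
# means the precondition from the CVE description is present; an empty list
# lowers urgency, but the package update is still the fix.
list_setuid() {
  docker run --rm --entrypoint sh "$1" -c '
    find / -xdev -type f -perm -4000 2>/dev/null | while read -r f; do
      if file "$f" 2>/dev/null | grep -q "statically linked"; then
        echo "$f (static)"
      else
        echo "$f"
      fi
    done'
}

main() {
  img="$1"
  installed=$(image_glibc "$img") || {
    echo "could not read glibc version from $img" >&2; return 1; }
  if needs_update "$installed"; then
    echo "$img: glibc $installed is below $FIXED_GLIBC; rebuild with:"
    remediation_line
    echo "setuid binaries in $img:"
    list_setuid "$img"
  else
    echo "$img: glibc $installed is at or above $FIXED_GLIBC"
  fi
}

# Usage: IMAGE=public.ecr.aws/lambda/python:3.12 sh check_glibc.sh
if [ -n "${IMAGE:-}" ]; then main "$IMAGE"; fi
```

Run it against each tag you build from, not only the digests in the table: the tags may have moved since the scan, and the only reliable answer is the version string rpm reports from the image you actually deploy.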

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.