jsindy/bitcoind-regtest

Region: us-east-1
Scan Summary
High vulnerabilities
16
Malicious files
0
Last scan

1 year, 9 months ago
Type of scan
Prevasio CSPM
Scan duration
1 minute and 1 second
Image Details
Image URI
jsindy/bitcoind-regtest
Image tags
0.1
Digest
Created

6 years ago
Compressed size
52.28 MB
Uncompressed size
100.9 MB
OS/architecture
linux/amd64
OS distribution
ubuntu 16.04
Working directory
bitcoin
ENTRYPOINT
docker-entrypoint.sh
CMD
btc_oneshot
User
Ports
18332/tcp
18333/tcp
8332/tcp
8333/tcp
Volumes
/bitcoin
Environment variables
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOME=/bitcoin
USER_ID=1000
GROUP_ID=1000
GOSU_VERSION=1.7
Overview
Critical
0
High
16
Medium
109
Low
82
Informational
0
Vulnerabilities (207)
Severity Name Package VersionFixed inDescription Package:version
High CVE-2019-3462 apt 1.2.241.2.29ubuntu0.1Incorrect sanitation of the 302 redirect field in HTTP transport metho ... apt:1.2.24
High CVE-2019-3462 libapt-pkg5.0 1.2.241.2.29ubuntu0.1Incorrect sanitation of the 302 redirect field in HTTP transport metho ... libapt-pkg5.0:1.2.24
High CVE-2018-1000001 libc-bin 2.23-0ubuntu92.23-0ubuntu10glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation libc-bin:2.23-0ubuntu9
High CVE-2018-1000001 libc6 2.23-0ubuntu92.23-0ubuntu10glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation libc6:2.23-0ubuntu9
High CVE-2020-1971 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.18openssl: EDIPARTYNAME NULL pointer de-reference libssl1.0.0:1.0.2g-1ubuntu4.8
High CVE-2018-16864 libsystemd0 229-4ubuntu19229-4ubuntu21.15systemd: stack overflow when calling syslog from a command with long cmdline libsystemd0:229-4ubuntu19
High CVE-2018-16865 libsystemd0 229-4ubuntu19229-4ubuntu21.15systemd: stack overflow when receiving many journald entries libsystemd0:229-4ubuntu19
High CVE-2018-16864 libudev1 229-4ubuntu19229-4ubuntu21.15systemd: stack overflow when calling syslog from a command with long cmdline libudev1:229-4ubuntu19
High CVE-2018-16865 libudev1 229-4ubuntu19229-4ubuntu21.15systemd: stack overflow when receiving many journald entries libudev1:229-4ubuntu19
High CVE-2019-13132 libzmq5 4.1.4-74.1.4-7ubuntu0.1zeromq: stack-overflow on any server protected by encryption/authentication libzmq5:4.1.4-7
High CVE-2018-1000001 multiarch-support 2.23-0ubuntu92.23-0ubuntu10glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation multiarch-support:2.23-0ubuntu9
High CVE-2020-1971 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.18openssl: EDIPARTYNAME NULL pointer de-reference openssl:1.0.2g-1ubuntu4.8
High CVE-2018-16864 systemd 229-4ubuntu19229-4ubuntu21.15systemd: stack overflow when calling syslog from a command with long cmdline systemd:229-4ubuntu19
High CVE-2018-16865 systemd 229-4ubuntu19229-4ubuntu21.15systemd: stack overflow when receiving many journald entries systemd:229-4ubuntu19
High CVE-2018-16864 systemd-sysv 229-4ubuntu19229-4ubuntu21.15systemd: stack overflow when calling syslog from a command with long cmdline systemd-sysv:229-4ubuntu19
High CVE-2018-16865 systemd-sysv 229-4ubuntu19229-4ubuntu21.15systemd: stack overflow when receiving many journald entries systemd-sysv:229-4ubuntu19
Medium CVE-2020-27350 apt 1.2.241.2.32ubuntu0.2apt: integer overflows and underflows while parsing .deb packages apt:1.2.24
Medium CVE-2020-3810 apt 1.2.241.2.32ubuntu0.1Missing input validation in the ar/tar implementations of APT before v ... apt:1.2.24
Medium CVE-2019-5094 e2fslibs 1.42.13-1ubuntu11.42.13-1ubuntu1.1e2fsprogs: Crafted ext4 partition leads to out-of-bounds write e2fslibs:1.42.13-1ubuntu1
Medium CVE-2019-5188 e2fslibs 1.42.13-1ubuntu11.42.13-1ubuntu1.2e2fsprogs: Out-of-bounds write in e2fsck/rehash.c e2fslibs:1.42.13-1ubuntu1
Medium CVE-2019-5094 e2fsprogs 1.42.13-1ubuntu11.42.13-1ubuntu1.1e2fsprogs: Crafted ext4 partition leads to out-of-bounds write e2fsprogs:1.42.13-1ubuntu1
Medium CVE-2019-5188 e2fsprogs 1.42.13-1ubuntu11.42.13-1ubuntu1.2e2fsprogs: Out-of-bounds write in e2fsck/rehash.c e2fsprogs:1.42.13-1ubuntu1
Medium CVE-2017-7526 gnupg 1.4.20-1ubuntu3.11.4.20-1ubuntu3.3libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery gnupg:1.4.20-1ubuntu3.1
Medium CVE-2018-12020 gnupg 1.4.20-1ubuntu3.11.4.20-1ubuntu3.2gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification gnupg:1.4.20-1ubuntu3.1
Medium CVE-2017-7526 gpgv 1.4.20-1ubuntu3.11.4.20-1ubuntu3.3libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery gpgv:1.4.20-1ubuntu3.1
Medium CVE-2018-12020 gpgv 1.4.20-1ubuntu3.11.4.20-1ubuntu3.2gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification gpgv:1.4.20-1ubuntu3.1
Medium CVE-2020-27350 libapt-pkg5.0 1.2.241.2.32ubuntu0.2apt: integer overflows and underflows while parsing .deb packages libapt-pkg5.0:1.2.24
Medium CVE-2020-3810 libapt-pkg5.0 1.2.241.2.32ubuntu0.1Missing input validation in the ar/tar implementations of APT before v ... libapt-pkg5.0:1.2.24
Medium CVE-2019-12900 libbz2-1.0 1.0.6-81.0.6-8ubuntu0.2bzip2: out-of-bounds write in function BZ2_decompress libbz2-1.0:1.0.6-8
Medium CVE-2017-18269 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: memory corruption in memcpy-sse2-unaligned.S libc-bin:2.23-0ubuntu9
Medium CVE-2018-11236 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow libc-bin:2.23-0ubuntu9
Medium CVE-2018-11237 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper libc-bin:2.23-0ubuntu9
Medium CVE-2018-6485 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: Integer overflow in posix_memalign in memalign functions libc-bin:2.23-0ubuntu9
Medium CVE-2020-1751 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: array overflow in backtrace functions for powerpc libc-bin:2.23-0ubuntu9
Medium CVE-2017-18269 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: memory corruption in memcpy-sse2-unaligned.S libc6:2.23-0ubuntu9
Medium CVE-2018-11236 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow libc6:2.23-0ubuntu9
Medium CVE-2018-11237 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper libc6:2.23-0ubuntu9
Medium CVE-2018-6485 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: Integer overflow in posix_memalign in memalign functions libc6:2.23-0ubuntu9
Medium CVE-2020-1751 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: array overflow in backtrace functions for powerpc libc6:2.23-0ubuntu9
Medium CVE-2019-5094 libcomerr2 1.42.13-1ubuntu11.42.13-1ubuntu1.1e2fsprogs: Crafted ext4 partition leads to out-of-bounds write libcomerr2:1.42.13-1ubuntu1
Medium CVE-2019-5188 libcomerr2 1.42.13-1ubuntu11.42.13-1ubuntu1.2e2fsprogs: Out-of-bounds write in e2fsck/rehash.c libcomerr2:1.42.13-1ubuntu1
Medium CVE-2017-10140 libdb5.3 5.3.28-115.3.28-11ubuntu0.1libdb: Reads DB_CONFIG from the current working directory libdb5.3:5.3.28-11
Medium CVE-2019-8457 libdb5.3 5.3.28-115.3.28-11ubuntu0.2sqlite: heap out-of-bound read in function rtreenode() libdb5.3:5.3.28-11
Medium CVE-2019-13627 libgcrypt20 1.6.5-2ubuntu0.31.6.5-2ubuntu0.6libgcrypt: ECDSA timing attack allowing private key leak libgcrypt20:1.6.5-2ubuntu0.3
Medium CVE-2017-14062 libidn11 1.32-3ubuntu1.11.32-3ubuntu1.2libidn2: Integer overflow in puny_decode.c/decode_digit libidn11:1.32-3ubuntu1.1
Medium CVE-2017-1000494 libminiupnpc10 1.9.20140610-2ubuntu2.16.04.11.9.20140610-2ubuntu2.16.04.2Uninitialized stack variable vulnerability in NameValueParserEndElt (u ... libminiupnpc10:1.9.20140610-2ubuntu2.16.04.1
Medium CVE-2018-1122 libprocps4 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: Local privilege escalation in top libprocps4:2:3.3.10-4ubuntu2.3
Medium CVE-2018-1123 libprocps4 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: denial of service in ps via mmap buffer overflow libprocps4:2:3.3.10-4ubuntu2.3
Medium CVE-2018-1124 libprocps4 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: Integer overflows leading to heap overflow in file2strvec libprocps4:2:3.3.10-4ubuntu2.3
Medium CVE-2018-1125 libprocps4 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: stack buffer overflow in pgrep libprocps4:2:3.3.10-4ubuntu2.3
Medium CVE-2018-1126 libprocps4 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues libprocps4:2:3.3.10-4ubuntu2.3
Medium CVE-2019-9893 libseccomp2 2.2.3-3ubuntu32.4.1-0ubuntu0.16.04.2libseccomp: incorrect generation of syscall filters in libseccomp libseccomp2:2.2.3-3ubuntu3
Medium CVE-2019-5094 libss2 1.42.13-1ubuntu11.42.13-1ubuntu1.1e2fsprogs: Crafted ext4 partition leads to out-of-bounds write libss2:1.42.13-1ubuntu1
Medium CVE-2019-5188 libss2 1.42.13-1ubuntu11.42.13-1ubuntu1.2e2fsprogs: Out-of-bounds write in e2fsck/rehash.c libss2:1.42.13-1ubuntu1
Medium CVE-2017-3736 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.9openssl: bn_sqrx8x_internal carry bug on x86_64 libssl1.0.0:1.0.2g-1ubuntu4.8
Medium CVE-2017-3737 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.10openssl: Read/write after SSL object in error state libssl1.0.0:1.0.2g-1ubuntu4.8
Medium CVE-2018-0739 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.11openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service libssl1.0.0:1.0.2g-1ubuntu4.8
Medium CVE-2019-1559 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.15openssl: 0-byte record padding oracle libssl1.0.0:1.0.2g-1ubuntu4.8
Medium CVE-2021-23841 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.19openssl: NULL pointer dereference in X509_issuer_and_serial_hash() libssl1.0.0:1.0.2g-1ubuntu4.8
Medium CVE-2017-15908 libsystemd0 229-4ubuntu19229-4ubuntu21.1systemd: Infinite loop in the dns_packet_read_type_window() function libsystemd0:229-4ubuntu19
Medium CVE-2018-1049 libsystemd0 229-4ubuntu19229-4ubuntu21.1systemd: automount: access to automounted volumes can lock up libsystemd0:229-4ubuntu19
Medium CVE-2018-15686 libsystemd0 229-4ubuntu19229-4ubuntu21.8systemd: line splitting via fgets() allows for state injection during daemon-reexec libsystemd0:229-4ubuntu19
Medium CVE-2018-15687 libsystemd0 229-4ubuntu19229-4ubuntu21.8systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges libsystemd0:229-4ubuntu19
Medium CVE-2018-15688 libsystemd0 229-4ubuntu19229-4ubuntu21.6systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling libsystemd0:229-4ubuntu19
Medium CVE-2018-16866 libsystemd0 229-4ubuntu19229-4ubuntu21.15systemd: out-of-bounds read when parsing a crafted syslog message libsystemd0:229-4ubuntu19
Medium CVE-2018-6954 libsystemd0 229-4ubuntu19229-4ubuntu21.15systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files libsystemd0:229-4ubuntu19
Medium CVE-2019-3842 libsystemd0 229-4ubuntu19229-4ubuntu21.21systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" libsystemd0:229-4ubuntu19
Medium CVE-2019-6454 libsystemd0 229-4ubuntu19229-4ubuntu21.16systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash libsystemd0:229-4ubuntu19
Medium CVE-2020-1712 libsystemd0 229-4ubuntu19229-4ubuntu21.27systemd: use-after-free when asynchronous polkit queries are performed libsystemd0:229-4ubuntu19
Medium CVE-2017-15908 libudev1 229-4ubuntu19229-4ubuntu21.1systemd: Infinite loop in the dns_packet_read_type_window() function libudev1:229-4ubuntu19
Medium CVE-2018-1049 libudev1 229-4ubuntu19229-4ubuntu21.1systemd: automount: access to automounted volumes can lock up libudev1:229-4ubuntu19
Medium CVE-2018-15686 libudev1 229-4ubuntu19229-4ubuntu21.8systemd: line splitting via fgets() allows for state injection during daemon-reexec libudev1:229-4ubuntu19
Medium CVE-2018-15687 libudev1 229-4ubuntu19229-4ubuntu21.8systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges libudev1:229-4ubuntu19
Medium CVE-2018-15688 libudev1 229-4ubuntu19229-4ubuntu21.6systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling libudev1:229-4ubuntu19
Medium CVE-2018-16866 libudev1 229-4ubuntu19229-4ubuntu21.15systemd: out-of-bounds read when parsing a crafted syslog message libudev1:229-4ubuntu19
Medium CVE-2018-6954 libudev1 229-4ubuntu19229-4ubuntu21.15systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files libudev1:229-4ubuntu19
Medium CVE-2019-3842 libudev1 229-4ubuntu19229-4ubuntu21.21systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" libudev1:229-4ubuntu19
Medium CVE-2019-6454 libudev1 229-4ubuntu19229-4ubuntu21.16systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash libudev1:229-4ubuntu19
Medium CVE-2020-1712 libudev1 229-4ubuntu19229-4ubuntu21.27systemd: use-after-free when asynchronous polkit queries are performed libudev1:229-4ubuntu19
Medium CVE-2017-18269 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: memory corruption in memcpy-sse2-unaligned.S multiarch-support:2.23-0ubuntu9
Medium CVE-2018-11236 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow multiarch-support:2.23-0ubuntu9
Medium CVE-2018-11237 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper multiarch-support:2.23-0ubuntu9
Medium CVE-2018-6485 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: Integer overflow in posix_memalign in memalign functions multiarch-support:2.23-0ubuntu9
Medium CVE-2020-1751 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: array overflow in backtrace functions for powerpc multiarch-support:2.23-0ubuntu9
Medium CVE-2017-3736 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.9openssl: bn_sqrx8x_internal carry bug on x86_64 openssl:1.0.2g-1ubuntu4.8
Medium CVE-2017-3737 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.10openssl: Read/write after SSL object in error state openssl:1.0.2g-1ubuntu4.8
Medium CVE-2018-0739 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.11openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service openssl:1.0.2g-1ubuntu4.8
Medium CVE-2019-1559 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.15openssl: 0-byte record padding oracle openssl:1.0.2g-1ubuntu4.8
Medium CVE-2021-23841 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.19openssl: NULL pointer dereference in X509_issuer_and_serial_hash() openssl:1.0.2g-1ubuntu4.8
Medium CVE-2017-12837 perl-base 5.22.1-95.22.1-9ubuntu0.2perl: Heap buffer overflow in regular expression compiler perl-base:5.22.1-9
Medium CVE-2017-12883 perl-base 5.22.1-95.22.1-9ubuntu0.2perl: Buffer over-read in regular expression parser perl-base:5.22.1-9
Medium CVE-2018-12015 perl-base 5.22.1-95.22.1-9ubuntu0.5perl: Directory traversal in Archive::Tar perl-base:5.22.1-9
Medium CVE-2018-18311 perl-base 5.22.1-95.22.1-9ubuntu0.6perl: Integer overflow leading to buffer overflow in Perl_my_setenv() perl-base:5.22.1-9
Medium CVE-2018-18312 perl-base 5.22.1-95.22.1-9ubuntu0.6perl: Heap-based buffer overflow in S_handle_regex_sets() perl-base:5.22.1-9
Medium CVE-2018-18313 perl-base 5.22.1-95.22.1-9ubuntu0.6perl: Heap-based buffer read overflow in S_grok_bslash_N() perl-base:5.22.1-9
Medium CVE-2018-18314 perl-base 5.22.1-95.22.1-9ubuntu0.6perl: Heap-based buffer overflow in S_regatom() perl-base:5.22.1-9
Medium CVE-2018-6797 perl-base 5.22.1-95.22.1-9ubuntu0.3perl: heap write overflow in regcomp.c perl-base:5.22.1-9
Medium CVE-2018-6798 perl-base 5.22.1-95.22.1-9ubuntu0.3perl: heap read overflow in regexec.c perl-base:5.22.1-9
Medium CVE-2018-6913 perl-base 5.22.1-95.22.1-9ubuntu0.3perl: heap buffer overflow in pp_pack.c perl-base:5.22.1-9
Medium CVE-2018-1122 procps 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: Local privilege escalation in top procps:2:3.3.10-4ubuntu2.3
Medium CVE-2018-1123 procps 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: denial of service in ps via mmap buffer overflow procps:2:3.3.10-4ubuntu2.3
Medium CVE-2018-1124 procps 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: Integer overflows leading to heap overflow in file2strvec procps:2:3.3.10-4ubuntu2.3
Medium CVE-2018-1125 procps 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: stack buffer overflow in pgrep procps:2:3.3.10-4ubuntu2.3
Medium CVE-2018-1126 procps 2:3.3.10-4ubuntu2.32:3.3.10-4ubuntu2.4procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues procps:2:3.3.10-4ubuntu2.3
Medium CVE-2017-17512 sensible-utils 0.0.90.0.9ubuntu0.16.04.1sensible-browser in sensible-utils before 0.0.11 does not validate str ... sensible-utils:0.0.9
Medium CVE-2017-15908 systemd 229-4ubuntu19229-4ubuntu21.1systemd: Infinite loop in the dns_packet_read_type_window() function systemd:229-4ubuntu19
Medium CVE-2018-1049 systemd 229-4ubuntu19229-4ubuntu21.1systemd: automount: access to automounted volumes can lock up systemd:229-4ubuntu19
Medium CVE-2018-15686 systemd 229-4ubuntu19229-4ubuntu21.8systemd: line splitting via fgets() allows for state injection during daemon-reexec systemd:229-4ubuntu19
Medium CVE-2018-15687 systemd 229-4ubuntu19229-4ubuntu21.8systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges systemd:229-4ubuntu19
Medium CVE-2018-15688 systemd 229-4ubuntu19229-4ubuntu21.6systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling systemd:229-4ubuntu19
Medium CVE-2018-16866 systemd 229-4ubuntu19229-4ubuntu21.15systemd: out-of-bounds read when parsing a crafted syslog message systemd:229-4ubuntu19
Medium CVE-2018-6954 systemd 229-4ubuntu19229-4ubuntu21.15systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files systemd:229-4ubuntu19
Medium CVE-2019-3842 systemd 229-4ubuntu19229-4ubuntu21.21systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" systemd:229-4ubuntu19
Medium CVE-2019-6454 systemd 229-4ubuntu19229-4ubuntu21.16systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash systemd:229-4ubuntu19
Medium CVE-2020-1712 systemd 229-4ubuntu19229-4ubuntu21.27systemd: use-after-free when asynchronous polkit queries are performed systemd:229-4ubuntu19
Medium CVE-2017-15908 systemd-sysv 229-4ubuntu19229-4ubuntu21.1systemd: Infinite loop in the dns_packet_read_type_window() function systemd-sysv:229-4ubuntu19
Medium CVE-2018-1049 systemd-sysv 229-4ubuntu19229-4ubuntu21.1systemd: automount: access to automounted volumes can lock up systemd-sysv:229-4ubuntu19
Medium CVE-2018-15686 systemd-sysv 229-4ubuntu19229-4ubuntu21.8systemd: line splitting via fgets() allows for state injection during daemon-reexec systemd-sysv:229-4ubuntu19
Medium CVE-2018-15687 systemd-sysv 229-4ubuntu19229-4ubuntu21.8systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges systemd-sysv:229-4ubuntu19
Medium CVE-2018-15688 systemd-sysv 229-4ubuntu19229-4ubuntu21.6systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling systemd-sysv:229-4ubuntu19
Medium CVE-2018-16866 systemd-sysv 229-4ubuntu19229-4ubuntu21.15systemd: out-of-bounds read when parsing a crafted syslog message systemd-sysv:229-4ubuntu19
Medium CVE-2018-6954 systemd-sysv 229-4ubuntu19229-4ubuntu21.15systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files systemd-sysv:229-4ubuntu19
Medium CVE-2019-3842 systemd-sysv 229-4ubuntu19229-4ubuntu21.21systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" systemd-sysv:229-4ubuntu19
Medium CVE-2019-6454 systemd-sysv 229-4ubuntu19229-4ubuntu21.16systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash systemd-sysv:229-4ubuntu19
Medium CVE-2020-1712 systemd-sysv 229-4ubuntu19229-4ubuntu21.27systemd: use-after-free when asynchronous polkit queries are performed systemd-sysv:229-4ubuntu19
Low CVE-2019-9924 bash 4.3-14ubuntu1.24.3-14ubuntu1.4bash: BASH_CMD is writable in restricted bash shells bash:4.3-14ubuntu1.2
Low CVE-2016-3189 libbz2-1.0 1.0.6-81.0.6-8ubuntu0.1bzip2: heap use after free in bzip2recover libbz2-1.0:1.0.6-8
Low CVE-2009-5155 libc-bin 2.23-0ubuntu92.23-0ubuntu11.3glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result libc-bin:2.23-0ubuntu9
Low CVE-2017-1000408 libc-bin 2.23-0ubuntu92.23-0ubuntu10glibc: Memory leak reachable via LD_HWCAP_MASK libc-bin:2.23-0ubuntu9
Low CVE-2017-1000409 libc-bin 2.23-0ubuntu92.23-0ubuntu10glibc: Buffer overflow triggerable via LD_LIBRARY_PATH libc-bin:2.23-0ubuntu9
Low CVE-2017-12133 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: Use-after-free read access in clntudp_call in sunrpc libc-bin:2.23-0ubuntu9
Low CVE-2017-15670 libc-bin 2.23-0ubuntu92.23-0ubuntu10glibc: Buffer overflow in glob with GLOB_TILDE libc-bin:2.23-0ubuntu9
Low CVE-2017-15804 libc-bin 2.23-0ubuntu92.23-0ubuntu10glibc: Buffer overflow during unescaping of user names with the ~ operator libc-bin:2.23-0ubuntu9
Low CVE-2017-16997 libc-bin 2.23-0ubuntu92.23-0ubuntu10glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries libc-bin:2.23-0ubuntu9
Low CVE-2019-19126 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries libc-bin:2.23-0ubuntu9
Low CVE-2019-9169 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read libc-bin:2.23-0ubuntu9
Low CVE-2020-10029 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions libc-bin:2.23-0ubuntu9
Low CVE-2020-1752 libc-bin 2.23-0ubuntu92.23-0ubuntu11.2glibc: use-after-free in glob() function when expanding ~user libc-bin:2.23-0ubuntu9
Low CVE-2020-6096 libc-bin 2.23-0ubuntu92.23-0ubuntu11.3glibc: signed comparison vulnerability in the ARMv7 memcpy function libc-bin:2.23-0ubuntu9
Low CVE-2009-5155 libc6 2.23-0ubuntu92.23-0ubuntu11.3glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result libc6:2.23-0ubuntu9
Low CVE-2017-1000408 libc6 2.23-0ubuntu92.23-0ubuntu10glibc: Memory leak reachable via LD_HWCAP_MASK libc6:2.23-0ubuntu9
Low CVE-2017-1000409 libc6 2.23-0ubuntu92.23-0ubuntu10glibc: Buffer overflow triggerable via LD_LIBRARY_PATH libc6:2.23-0ubuntu9
Low CVE-2017-12133 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: Use-after-free read access in clntudp_call in sunrpc libc6:2.23-0ubuntu9
Low CVE-2017-15670 libc6 2.23-0ubuntu92.23-0ubuntu10glibc: Buffer overflow in glob with GLOB_TILDE libc6:2.23-0ubuntu9
Low CVE-2017-15804 libc6 2.23-0ubuntu92.23-0ubuntu10glibc: Buffer overflow during unescaping of user names with the ~ operator libc6:2.23-0ubuntu9
Low CVE-2017-16997 libc6 2.23-0ubuntu92.23-0ubuntu10glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries libc6:2.23-0ubuntu9
Low CVE-2019-19126 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries libc6:2.23-0ubuntu9
Low CVE-2019-9169 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read libc6:2.23-0ubuntu9
Low CVE-2020-10029 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions libc6:2.23-0ubuntu9
Low CVE-2020-1752 libc6 2.23-0ubuntu92.23-0ubuntu11.2glibc: use-after-free in glob() function when expanding ~user libc6:2.23-0ubuntu9
Low CVE-2020-6096 libc6 2.23-0ubuntu92.23-0ubuntu11.3glibc: signed comparison vulnerability in the ARMv7 memcpy function libc6:2.23-0ubuntu9
Low CVE-2018-0495 libgcrypt20 1.6.5-2ubuntu0.31.6.5-2ubuntu0.5ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries libgcrypt20:1.6.5-2ubuntu0.3
Low CVE-2017-3735 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.9openssl: Malformed X.509 IPAdressFamily could cause OOB read libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2017-3738 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.10openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2018-0495 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.13ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2018-0732 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.13openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2018-0734 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.14openssl: timing side channel attack in the DSA signature algorithm libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2018-0737 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.13openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2018-5407 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.14openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2019-1547 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.16openssl: side-channel weak encryption vulnerability libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2019-1551 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.16openssl: Integer overflow in RSAZ modular exponentiation on x86_64 libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2019-1563 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.16openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2020-1968 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.17openssl: Information exposure when DH secret are reused across multiple TLS connections libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2021-23840 libssl1.0.0 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.19openssl: integer overflow in CipherUpdate libssl1.0.0:1.0.2g-1ubuntu4.8
Low CVE-2018-16888 libsystemd0 229-4ubuntu19229-4ubuntu21.27systemd: kills privileged process if unprivileged PIDFile was tampered libsystemd0:229-4ubuntu19
Low CVE-2019-20386 libsystemd0 229-4ubuntu19229-4ubuntu21.27systemd: memory leak in button_open() in login/logind-button.c when udev events are received libsystemd0:229-4ubuntu19
Low CVE-2018-16888 libudev1 229-4ubuntu19229-4ubuntu21.27systemd: kills privileged process if unprivileged PIDFile was tampered libudev1:229-4ubuntu19
Low CVE-2019-20386 libudev1 229-4ubuntu19229-4ubuntu21.27systemd: memory leak in button_open() in login/logind-button.c when udev events are received libudev1:229-4ubuntu19
Low CVE-2009-5155 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.3glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result multiarch-support:2.23-0ubuntu9
Low CVE-2017-1000408 multiarch-support 2.23-0ubuntu92.23-0ubuntu10glibc: Memory leak reachable via LD_HWCAP_MASK multiarch-support:2.23-0ubuntu9
Low CVE-2017-1000409 multiarch-support 2.23-0ubuntu92.23-0ubuntu10glibc: Buffer overflow triggerable via LD_LIBRARY_PATH multiarch-support:2.23-0ubuntu9
Low CVE-2017-12133 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: Use-after-free read access in clntudp_call in sunrpc multiarch-support:2.23-0ubuntu9
Low CVE-2017-15670 multiarch-support 2.23-0ubuntu92.23-0ubuntu10glibc: Buffer overflow in glob with GLOB_TILDE multiarch-support:2.23-0ubuntu9
Low CVE-2017-15804 multiarch-support 2.23-0ubuntu92.23-0ubuntu10glibc: Buffer overflow during unescaping of user names with the ~ operator multiarch-support:2.23-0ubuntu9
Low CVE-2017-16997 multiarch-support 2.23-0ubuntu92.23-0ubuntu10glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries multiarch-support:2.23-0ubuntu9
Low CVE-2019-19126 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries multiarch-support:2.23-0ubuntu9
Low CVE-2019-9169 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read multiarch-support:2.23-0ubuntu9
Low CVE-2020-10029 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions multiarch-support:2.23-0ubuntu9
Low CVE-2020-1752 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.2glibc: use-after-free in glob() function when expanding ~user multiarch-support:2.23-0ubuntu9
Low CVE-2020-6096 multiarch-support 2.23-0ubuntu92.23-0ubuntu11.3glibc: signed comparison vulnerability in the ARMv7 memcpy function multiarch-support:2.23-0ubuntu9
Low CVE-2017-3735 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.9openssl: Malformed X.509 IPAdressFamily could cause OOB read openssl:1.0.2g-1ubuntu4.8
Low CVE-2017-3738 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.10openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 openssl:1.0.2g-1ubuntu4.8
Low CVE-2018-0495 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.13ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries openssl:1.0.2g-1ubuntu4.8
Low CVE-2018-0732 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.13openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang openssl:1.0.2g-1ubuntu4.8
Low CVE-2018-0734 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.14openssl: timing side channel attack in the DSA signature algorithm openssl:1.0.2g-1ubuntu4.8
Low CVE-2018-0737 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.13openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys openssl:1.0.2g-1ubuntu4.8
Low CVE-2018-5407 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.14openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) openssl:1.0.2g-1ubuntu4.8
Low CVE-2019-1547 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.16openssl: side-channel weak encryption vulnerability openssl:1.0.2g-1ubuntu4.8
Low CVE-2019-1551 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.16openssl: Integer overflow in RSAZ modular exponentiation on x86_64 openssl:1.0.2g-1ubuntu4.8
Low CVE-2019-1563 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.16openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey openssl:1.0.2g-1ubuntu4.8
Low CVE-2020-1968 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.17openssl: Information exposure when DH secret are reused across multiple TLS connections openssl:1.0.2g-1ubuntu4.8
Low CVE-2021-23840 openssl 1.0.2g-1ubuntu4.81.0.2g-1ubuntu4.19openssl: integer overflow in CipherUpdate openssl:1.0.2g-1ubuntu4.8
Low CVE-2016-6185 perl-base 5.22.1-95.22.1-9ubuntu0.3perl: XSLoader loads relative paths not included in @INC perl-base:5.22.1-9
Low CVE-2017-6512 perl-base 5.22.1-95.22.1-9ubuntu0.3perl-File-Path: rmtree/remove_tree race condition perl-base:5.22.1-9
Low CVE-2020-10543 perl-base 5.22.1-95.22.1-9ubuntu0.9perl: heap-based buffer overflow in regular expression compiler leads to DoS perl-base:5.22.1-9
Low CVE-2020-10878 perl-base 5.22.1-95.22.1-9ubuntu0.9perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS perl-base:5.22.1-9
Low CVE-2020-12723 perl-base 5.22.1-95.22.1-9ubuntu0.9perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS perl-base:5.22.1-9
Low CVE-2018-16888 systemd 229-4ubuntu19229-4ubuntu21.27systemd: kills privileged process if unprivileged PIDFile was tampered systemd:229-4ubuntu19
Low CVE-2019-20386 systemd 229-4ubuntu19229-4ubuntu21.27systemd: memory leak in button_open() in login/logind-button.c when udev events are received systemd:229-4ubuntu19
Low CVE-2018-16888 systemd-sysv 229-4ubuntu19229-4ubuntu21.27systemd: kills privileged process if unprivileged PIDFile was tampered systemd-sysv:229-4ubuntu19
Low CVE-2019-20386 systemd-sysv 229-4ubuntu19229-4ubuntu21.27systemd: memory leak in button_open() in login/logind-button.c when udev events are received systemd-sysv:229-4ubuntu19
Low CVE-2018-20482 tar 1.28-2.1ubuntu0.11.28-2.1ubuntu0.2tar: Infinite read loop in sparse_dump_region function in sparse.c tar:1.28-2.1ubuntu0.1
Low CVE-2019-9923 tar 1.28-2.1ubuntu0.11.28-2.1ubuntu0.2tar: null-pointer dereference in pax_decode_header in sparse.c tar:1.28-2.1ubuntu0.1
Low CVE-2016-9840 zlib1g 1:1.2.8.dfsg-2ubuntu4.11:1.2.8.dfsg-2ubuntu4.3zlib: Out-of-bounds pointer arithmetic in inftrees.c zlib1g:1:1.2.8.dfsg-2ubuntu4.1
Low CVE-2016-9841 zlib1g 1:1.2.8.dfsg-2ubuntu4.11:1.2.8.dfsg-2ubuntu4.3zlib: Out-of-bounds pointer arithmetic in inffast.c zlib1g:1:1.2.8.dfsg-2ubuntu4.1
Low CVE-2016-9842 zlib1g 1:1.2.8.dfsg-2ubuntu4.11:1.2.8.dfsg-2ubuntu4.3zlib: Undefined left shift of negative number zlib1g:1:1.2.8.dfsg-2ubuntu4.1
Low CVE-2016-9843 zlib1g 1:1.2.8.dfsg-2ubuntu4.11:1.2.8.dfsg-2ubuntu4.3zlib: Big-endian out-of-bounds pointer zlib1g:1:1.2.8.dfsg-2ubuntu4.1

Command

ADD file:39d3593ea220e686d5450244ef9dd6c934e3b288a29212d332ec33942b7bf218 in /
Vulnerable packages, installed in this layer 6 years ago
apt 1.2.24 libapt-pkg5.0 1.2.24 libc-bin 2.23-0ubuntu9 libc6 2.23-0ubuntu9 libsystemd0 229-4ubuntu19 libudev1 229-4ubuntu19 multiarch-support 2.23-0ubuntu9 systemd 229-4ubuntu19 systemd-sysv 229-4ubuntu19 e2fslibs 1.42.13-1ubuntu1 e2fsprogs 1.42.13-1ubuntu1 gnupg 1.4.20-1ubuntu3.1 gpgv 1.4.20-1ubuntu3.1 libbz2-1.0 1.0.6-8 libcomerr2 1.42.13-1ubuntu1 libdb5.3 5.3.28-11 libgcrypt20 1.6.5-2ubuntu0.3 libprocps4 2:3.3.10-4ubuntu2.3 libseccomp2 2.2.3-3ubuntu3 libss2 1.42.13-1ubuntu1

Command

RUN set -xe &&
    echo '#!/bin/sh' > /usr/sbin/policy-rc.d &&
    echo 'exit 101' >> /usr/sbin/policy-rc.d &&
    chmod +x /usr/sbin/policy-rc.d &&
    dpkg-divert --local --rename --add /sbin/initctl &&
    cp -a /usr/sbin/policy-rc.d /sbin/initctl &&
    sed -i 's/^exit.*/exit 0/' /sbin/initctl &&
    echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup &&
    echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean &&
    echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean &&
    echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean &&
    echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages &&
    echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes &&
    echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests

Command

RUN rm -rf /var/lib/apt/lists/*

Command

RUN sed -i 's/^#\s*\(deb.*universe\)$/\1/g' /etc/apt/sources.list

Command

RUN mkdir -p /run/systemd &&
    echo 'docker' > /run/systemd/container

Command

CMD ["/bin/bash"]

Command

MAINTAINER Kyle Manna <kyle@kylemanna.com>

Command

ARG USER_ID

Command

ARG GROUP_ID

Command

ENV HOME=/bitcoin

Command

ENV USER_ID=1000

Command

ENV GROUP_ID=1000

Command

RUN groupadd -g ${GROUP_ID} bitcoin &&
    useradd -u ${USER_ID} -g bitcoin -s /bin/bash -m -d /bitcoin bitcoin

Command

RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C70EF1F0305A1ADB9986DBD8D46F45428842CE5E &&
    echo "deb http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu xenial main" > /etc/apt/sources.list.d/bitcoin.list

Command

RUN apt-get update &&
    apt-get install -y --no-install-recommends bitcoind &&
    apt-get clean &&
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
Vulnerable packages, installed in this layer 6 years ago
libssl1.0.0 1.0.2g-1ubuntu4.8 libzmq5 4.1.4-7 libminiupnpc10 1.9.20140610-2ubuntu2.16.04.1

Command

ENV GOSU_VERSION=1.7

Command

RUN set -x &&
    apt-get update &&
    apt-get install -y --no-install-recommends ca-certificates wget &&
    wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" &&
    wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" &&
    export GNUPGHOME="$(mktemp -d)" &&
    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 &&
    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu &&
    rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc &&
    chmod +x /usr/local/bin/gosu &&
    gosu nobody true &&
    apt-get purge -y ca-certificates wget &&
    apt-get clean &&
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
Vulnerable packages, installed in this layer 6 years ago
openssl 1.0.2g-1ubuntu4.8 libidn11 1.32-3ubuntu1.1

Command

ADD dir:44dc435ddfdec804306206aadaf36c44aa1a3dbd05e63f2e58baf483454d7e38 in /usr/local/bin

Command

VOLUME [/bitcoin]

Command

EXPOSE 18332/tcp 18333/tcp 8332/tcp 8333/tcp

Command

WORKDIR /bitcoin

Command

COPY file:21421837b3708ff9c2d26ddb2070908d2d3b65ddc034f9d9a7320ca6f480bd5c in /usr/local/bin/

Command

ENTRYPOINT ["docker-entrypoint.sh"]

Command

CMD ["btc_oneshot"]

Command

ADD file:439f5827aebb85173c74251eff0fc7f2f52c1b8dff6d1c0e6171505c53529536 in /usr/local/bin/btc_init
Default executable script of the image: usr/local/bin/docker-entrypoint.sh

#!/bin/sh
set -e
# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
    set -- btc_oneshot "$@"
fi
# allow the container to be started with `--user`
if [ "$1" = 'btc_oneshot' -a "$(id -u)" = '0' ]; then
    chown -R bitcoin .
    exec gosu bitcoin "$0" "$@"
fi
exec "$@"
Dynamic Analysis Results
The following graph outlines the most important system events generated by the container:
The container made the following DNS requests:
RequestResponse
A → bitcoin.sipa.be CNAME → zps.sipa.be
A → 144.217.240.89
AAAA → bitcoin.sipa.be CNAME → zps.sipa.be
AAAA → 2607:5300:201:3100::3b74
A → x9.dnsseed.bluematt.me A → 5.81.226.135
A → 96.35.53.251
A → 142.112.207.147
A → 81.173.139.14
A → 81.251.223.139
A → 2.230.9.7
A → 46.19.139.118
A → 73.56.202.198
A → 182.52.17.36
A → 95.217.46.214
A → 83.243.133.228
A → 175.43.241.166
A → 18.188.71.57
A → 157.131.198.112
A → 212.5.22.123
A → 47.198.204.108
A → 195.248.240.78
A → 178.128.160.206
A → 152.231.121.236
A → 85.208.69.12
A → 173.31.2.65
AAAA → x9.dnsseed.bluematt.me AAAA → 2a01:4f8:191:62c6::2
AAAA → 2a02:1210:90e5:ee00:6d37:a744:bd4e:40ac
AAAA → 2001:268:c203:9036:4b7:c821:c04:1976
AAAA → 2001:999:780:b642:8494:e525:4b00:1a74
AAAA → 2804:7958:221:c600:d469:c18b:8bd6:edc4
AAAA → 2a01:36d:120:d004:712f:bd4c:7770:a483
AAAA → 2603:8081:2804:4253:58ee:9dbf:fde0:513b
AAAA → 2800:bf0:160:2f77:465a:4222:16d2:852d
AAAA → 2001:14bb:69b:7ad7:3dac:7eae:a6ad:fe80
AAAA → 2001:44c8:4180:6af9:81ce:4a7d:9c14:2035
AAAA → bluematt.me AAAA → 2620:6e:a003:1:0:bad:cafe:6
A → bluematt.me A → 208.68.6.54
AAAA → dashjr.org AAAA → 2001:470:88ff:2e::1
A → dashjr.org A → 192.3.11.24
A → 192.3.11.20
AAAA → x9.seed.bitcoinstats.com AAAA → 2a01:e0a:252:6bd0::2
AAAA → 2a01:4f8:141:54cd::2
AAAA → 2600:1f11:b5e:2a03:a1a9:b7de:41ff:5fc
AAAA → 2a05:d012:42a:5703:2a4:e8f5:f28f:b157
AAAA → 2804:d57:5537:4800:3e7c:3fff:fe7b:80aa
AAAA → 2a01:4f9:c010:4969::1
AAAA → 2406:da14:335:b601:ceb7:b4fc:a855:f3a5
AAAA → 2600:1700:22f1:641f:e8:39c8:eb1d:a1eb
AAAA → 2a01:4f8:190:5176::123
AAAA → 2a00:1398:4:2a03::14
AAAA → 2a03:b0c0:1:e0::77e:4001
AAAA → 2a01:4f9:2a:112d::2
A → bitcoinstats.com A → 104.21.25.120
A → 172.67.134.54
AAAA → bitcoinstats.com AAAA → 2606:4700:3033::6815:1978
AAAA → 2606:4700:3035::ac43:8636
The container attempts to connect to the following remote hosts:
IP address Domain Location Coordinates ASN organization
63.227.116.162 Littleton, United States 39.5892, -105.1359 CENTURYLINK-US-LEGACY-QWEST
23.175.0.202 United States 37.751, -97.822 JCOLO
18.188.71.57 x9.dnsseed.bluematt.me Columbus, United States 39.9625, -83.0061 AMAZON-02
95.217.46.214 x9.dnsseed.bluematt.me Helsinki, Finland 60.1719, 24.9347 Hetzner Online GmbH
73.56.202.198 x9.dnsseed.bluematt.me Fort Lauderdale, United States 26.1486, -80.2768 COMCAST-7922
159.89.182.64 Clifton, United States 40.8364, -74.1403 DIGITALOCEAN-ASN
46.72.238.17 Voronezh, Russia 51.6451, 39.1708 Net By Net Holding LLC
98.109.159.216 Toms River, United States 39.9769, -74.1601 UUNET
161.117.239.176 Singapore, Singapore 1.2923, 103.8195 Alibaba US Technology Co., Ltd.
67.210.228.203 Plano, United States 33.0287, -96.6826 GLOBAL-IP-NETWORKS
76.69.213.152 Blainville, Canada 45.6742, -73.8754 BACOM
168.119.172.142 Germany 51.2993, 9.491 Hetzner Online GmbH
75.172.51.91 Seattle, United States 47.6901, -122.3747 CENTURYLINK-US-LEGACY-QWEST
34.247.49.32 Dublin, Ireland 53.3382, -6.2591 AMAZON-02
192.3.11.20 dashjr.org Detroit, United States 42.4248, -83.1951 AS-COLOCROSSING
206.189.62.14 Frankfurt am Main, Germany 50.1188, 8.6843 DIGITALOCEAN-ASN
65.20.68.185 Mumbai, India 19.0748, 72.8856 AS-CHOOPA
15.161.54.116 Milan, Italy 45.4722, 9.1922 AMAZON-02
178.128.160.206 x9.dnsseed.bluematt.me London, United Kingdom 51.5368, -0.6718 DIGITALOCEAN-ASN
195.248.240.78 x9.dnsseed.bluematt.me Nuremberg, Germany 49.4527, 11.0783 BitCommand
188.165.224.88 France 48.8582, 2.3387 OVH SAS
192.3.11.24 dashjr.org Detroit, United States 42.4248, -83.1951 AS-COLOCROSSING
136.243.15.245 Germany 51.2993, 9.491 Hetzner Online GmbH
46.19.139.118 x9.dnsseed.bluematt.me Zurich, Switzerland 47.3682, 8.5671 Private Layer INC
192.241.145.8 North Bergen, United States 40.793, -74.0247 DIGITALOCEAN-ASN
47.198.204.108 x9.dnsseed.bluematt.me Tampa, United States 28.0475, -82.6148 FRONTIER-FRTR
143.110.159.19 Santa Clara, United States 37.3931, -121.962 DIGITALOCEAN-ASN
144.217.240.89 bitcoin.sipa.be Beauharnois, Canada 45.3161, -73.8736 OVH SAS
85.208.69.12 x9.dnsseed.bluematt.me France 48.8582, 2.3387 Three Fourteen SASU
103.99.170.210 Japan 35.6897, 139.6895 WIZ K.K.
64.71.74.75 West Palm Beach, United States 26.6715, -80.0571 CLOUD-SOUTH
34.66.138.202 Council Bluffs, United States 41.2591, -95.8517 GOOGLE-CLOUD-PLATFORM
24.16.43.77 Sammamish, United States 47.626, -122.0404 COMCAST-7922
135.180.218.58 Berkeley, United States 37.8767, -122.2676 AS-SONICTELECOM
176.9.156.51 Germany 51.2993, 9.491 Hetzner Online GmbH
104.54.215.47 Leander, United States 30.5875, -97.8535 ATT-INTERNET4
157.175.59.43 Bahrain 26.0333, 50.55 AMAZON-02
217.251.128.8 Warendorf, Germany 51.9503, 7.9855 Deutsche Telekom AG
200.6.250.234 Guatemala City, Guatemala 14.6343, -90.5155 Telgua
76.79.12.236 Columbus, United States 41.4294, -97.3681 TWC-11427-TEXAS
104.21.25.120 bitcoinstats.com San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
83.243.133.228 x9.dnsseed.bluematt.me Ålesund, Norway 62.4649, 6.1287 Telia Norge AS
80.218.132.218 Le Landeron, Switzerland 47.0555, 7.0758 Liberty Global B.V.
142.112.207.147 x9.dnsseed.bluematt.me Toronto, Canada 43.64, -79.433 BACOM
152.231.121.236 x9.dnsseed.bluematt.me Santiago, Chile -33.4513, -70.6653 ENTEL CHILE S.A.
90.163.172.139 Murcia, Spain 37.9921, -1.1201 Orange Espagne SA
173.31.2.65 x9.dnsseed.bluematt.me Ankeny, United States 41.7185, -93.5646 MEDIACOM-ENTERPRISE-BUSINESS
83.148.241.167 Salo, Finland 60.4013, 23.1072 Lounea Palvelut Oy
77.20.48.67 Bremerhaven, Germany 53.5026, 8.5977 Vodafone GmbH
95.105.186.195 Bratislava, Slovakia 48.1833, 17.0379 Orange Slovensko a.s.
34.125.46.3 Las Vegas, United States 36.1685, -115.1164 GOOGLE-CLOUD-PLATFORM
149.167.99.190 Brisbane, Australia -27.4679, 153.0325 Belong Telstra Corporation
5.45.83.20 Moscow, Russia 55.7483, 37.6171 RECONN LLC
15.228.89.32 São Paulo, Brazil -23.5335, -46.6359 AMAZON-02
52.173.135.208 Des Moines, United States 41.6021, -93.6124 MICROSOFT-CORP-MSN-AS-BLOCK
213.142.166.32 Brügg, Switzerland 47.1213, 7.2803 Evard Antennenbau AG
88.212.44.33 Humenné, Slovakia 48.9372, 21.9201 ANTIK Telecom s.r.o
34.249.21.210 Dublin, Ireland 53.3382, -6.2591 AMAZON-02
206.123.112.180 United States 37.751, -97.822 AS-TIERP-30496
69.138.254.191 Baltimore, United States 39.3645, -76.6069 COMCAST-7922
23.233.107.21 Montreal, Canada 45.5422, -73.5445 TEKSAVVY
73.111.229.10 Vernon Hills, United States 42.2284, -87.9722 COMCAST-7922
148.251.121.185 Braunlage, Germany 51.7262, 10.6142 Hetzner Online GmbH
34.64.144.84 Seoul, South Korea 37.5794, 126.9754 Google Asia Pacific Pte. Ltd.
47.243.121.223 Central, Hong Kong 22.2908, 114.1501 Alibaba US Technology Co., Ltd.
172.67.134.54 bitcoinstats.com United States 37.751, -97.822 CLOUDFLARENET
5.81.226.135 x9.dnsseed.bluematt.me Burscough, United Kingdom 53.6081, -2.822 British Telecommunications PLC
5.196.69.107 France 48.8582, 2.3387 OVH SAS
64.156.192.61 United States 37.751, -97.822 M5HOSTING
185.25.48.114 Lithuania 55.4167, 24.0 Informacines sistemos ir technologijos, UAB
54.39.156.171 Québec, Canada 46.8038, -71.2461 OVH SAS
95.211.189.3 Netherlands 52.3824, 4.8995 LeaseWeb Netherlands B.V.
84.201.143.124 Russia 55.7386, 37.6068 Yandex.Cloud LLC
2.230.9.7 x9.dnsseed.bluematt.me Milan, Italy 45.4722, 9.1922 Fastweb
81.173.139.14 x9.dnsseed.bluematt.me Cologne, Germany 50.9301, 6.9544 NetCologne Gesellschaft fur Telekommunikation mbH
31.191.186.39 Italy 43.1479, 12.1097 Wind Tre S.p.A.
139.177.184.116 Singapore, Singapore 1.3036, 103.8554 Linode, LLC
96.35.53.251 x9.dnsseed.bluematt.me Fenton, United States 38.4998, -90.465 CHARTER-20115
208.68.6.54 bluematt.me United States 37.751, -97.822 AS-OKI
182.52.17.36 x9.dnsseed.bluematt.me Thon Buri, Thailand 13.7088, 100.4842 TOT Public Company Limited
5.9.104.23 Germany 51.2993, 9.491 Hetzner Online GmbH
34.82.210.229 The Dalles, United States 45.5999, -121.1871 GOOGLE-CLOUD-PLATFORM
71.163.157.47 Chantilly, United States 38.8976, -77.5109 UUNET
74.213.251.168 Los Angeles, United States 34.0322, -118.2836 CSSBB
45.129.180.214 Germany 51.2993, 9.491 netcup GmbH
5.9.158.123 Bad Sackingen, Germany 47.5534, 7.9519 Hetzner Online GmbH
15.207.19.192 Mumbai, India 19.0748, 72.8856 AMAZON-02
115.68.52.240 South Korea 37.5112, 126.9741 SMILESERV
186.145.57.66 Bogotá, Colombia 4.6496, -74.0632 Telmex Colombia S.A.
157.131.198.112 x9.dnsseed.bluematt.me San Francisco, United States 37.7506, -122.4121 AS-SONICTELECOM
175.43.241.166 x9.dnsseed.bluematt.me Zhangzhou, China 24.5027, 117.6495 CHINA UNICOM China169 Backbone
54.238.129.38 Tokyo, Japan 35.6893, 139.6899 AMAZON-02
185.215.226.67 Edison, United States 40.5237, -74.4151 LEASEWEB-USA-NYC
45.136.50.199 Amsterdam, Netherlands 52.3759, 4.8975 Scalaxy B.V.
172.113.6.46 San Bernardino, United States 34.2166, -117.3908 TWC-20001-PACWEST
212.5.22.123 x9.dnsseed.bluematt.me Geseke, Germany 51.6393, 8.5106 Plusnet GmbH
67.162.69.225 Homer Glen, United States 41.6017, -87.9557 COMCAST-7922
13.244.60.210 Cape Town, South Africa -34.0486, 18.4811 AMAZON-02
81.251.223.139 x9.dnsseed.bluematt.me Mornant, France 45.6199, 4.6756 Orange
The container starts a service that renders the following contents over port 8332:
The container produces the following text output:
user@host: ~