Vulnerability Reportamazonlinux:1

amazonlinux:2018.03.0.20231218.0amazonlinux:2018.03amazonlinux:1

DIGESTsha256:34af2c1138ff3f7047bc86a80eb8084996c598c52d959e3c0e9af73ce60f3258

Executive Summary

SAFE

This base/runtime image is a clean foundation for building production images. It contains 11 post-exploit-only vulnerabilities, all of low severity (max 4.12) with no practical remote impact. The most notable CVE-2024-2961 in glibc requires the container to call iconv() on attacker-controlled strings, which does not occur in standard /bin/bash usage. No exposed vulnerabilities exist, and the image is officially published, making it a low-risk starting point. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.

Threat Score

0/100

SAFE

Official Docker Hub image pinned by digest (immutable) with high popularity.
No exposed surface vulnerabilities; all findings are post-exploit only.
Post-exploit findings are low severity (max 4.12) and local-only; CVE-2024-2961 requires iconv() on attacker-controlled input, not part of normal operation.
Trust score 100 and vendor 'Docker Official' indicate strong reputation.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

Vulnerabilities

Vulnerability Log

11 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2024-2961	MEDIUM4.12	glibc 2.17-324.189.amzn1 fixed in 2.17-324.190.amzn1	88.3% Actively Exploited	Post-Exploit
CVE-2024-2961	MEDIUM4.12	glibc-common 2.17-324.189.amzn1 fixed in 2.17-324.190.amzn1	88.3% Actively Exploited	Post-Exploit
CVE-2024-56171	LOW3.53	libxml2 2.9.1-6.6.44.amzn1 fixed in 2.9.1-6.6.45.amzn1	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-56171	LOW3.53	libxml2-python27 2.9.1-6.6.44.amzn1 fixed in 2.9.1-6.6.45.amzn1	1.1% Low-Moderate Risk	Post-Exploit
CVE-2024-45490	LOW2.7	expat 2.1.0-15.34.amzn1 fixed in 2.1.0-15.35.amzn1	1.7% Low-Moderate Risk	Post-Exploit
CVE-2024-28182	LOW2.48	libnghttp2 1.33.0-1.1.8.amzn1 fixed in 1.33.0-1.1.9.amzn1	85.0% Actively Exploited	Post-Exploit
CVE-2020-35457	LOW2.39	glib2 2.36.3-5.26.amzn1 fixed in 2.36.3-5.27.amzn1	0.6% Theoretical Threat	Post-Exploit
CVE-2025-24928	LOW2.36	libxml2 2.9.1-6.6.44.amzn1 fixed in 2.9.1-6.6.45.amzn1	0.4% Theoretical Threat	Post-Exploit
CVE-2025-24928	LOW2.36	libxml2-python27 2.9.1-6.6.44.amzn1 fixed in 2.9.1-6.6.45.amzn1	0.4% Theoretical Threat	Post-Exploit
CVE-2023-5388	LOW1.99	nss-softokn 3.53.1-6.48.amzn1 fixed in 3.53.1-6.49.amzn1	0.8% Theoretical Threat	Post-Exploit
CVE-2023-5388	LOW1.99	nss-softokn-freebl 3.53.1-6.48.amzn1 fixed in 3.53.1-6.49.amzn1	0.8% Theoretical Threat	Post-Exploit