Vulnerability Reportdebian:12

Name: debian:12 Security Vulnerability Report
Creator: BaseImage
Keywords: debian:12, Docker security, vulnerability scan, CVE, container security, SBOM

debian:bookworm-20260518debian:bookwormdebian:12.14debian:12

DIGESTsha256:ed4fcc40bb1162b6d2d32e7bec15044d13963779abbe63f67f1cd62b06220519

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve arbitrary code execution, cause a denial of service, or potentially bypass authentication for services running inside the container. Specifically, CVE-2018-20796 in glibc could lead to a denial of service through crafted regular expressions, a common operation in a `bash` environment. Furthermore, CVE-2023-45853 in zlib poses a threat of arbitrary code execution if the container processes maliciously crafted zip files using vulnerable MiniZip functionality. Several other high-severity vulnerabilities also exist, further increasing the attack surface.

Threat Score

100/100

DANGEROUS

The image contains critical exposed vulnerabilities, including CVE-2018-20796 (glibc denial of service) which has a high contextual importance for a 'bash' based container and a severity of 7.5.
Another high-severity vulnerability, CVE-2023-45853 (zlib arbitrary code execution/denial of service) with a severity of 7.84, could be exploited if the container processes untrusted zip files.
There are 3 exposed vulnerabilities with severity 7.0 or higher, and a total of 18 exposed vulnerabilities with severity 6.0 or higher, significantly increasing the attack surface.
Despite being an Official Docker Hub Image, the presence of readily exploitable high-severity vulnerabilities makes it unsuitable for production use.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

debian:12

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

131 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-45853	HIGH7.84	zlib1g 1:1.2.13.dfsg-1 No fix yet	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	HIGH7.5	libc-bin 2.36-9+deb12u14 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2018-20796	HIGH7.5	libc6 2.36-9+deb12u14 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2019-1010022	MEDIUM6.66	libc-bin 2.36-9+deb12u14 No fix yet	0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-1010022	MEDIUM6.66	libc6 2.36-9+deb12u14 No fix yet	0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42010	MEDIUM6.66	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-69720	MEDIUM6.63	libtinfo6 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69720	MEDIUM6.63	ncurses-base 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42013	MEDIUM6.56	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly ExposedContext importance: MEDIUM
CVE-2026-5260	MEDIUM6.56	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly ExposedContext importance: MEDIUM
CVE-2019-9192	MEDIUM6.38	libc-bin 2.36-9+deb12u14 No fix yet	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2019-9192	MEDIUM6.38	libc6 2.36-9+deb12u14 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-41989	MEDIUM6.38	libgcrypt20 1.10.1-3 fixed in 1.10.1-3+deb12u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33846	MEDIUM6.38	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3833	MEDIUM6.29	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42011	MEDIUM6.29	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33845	MEDIUM6.18	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42009	MEDIUM6	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly ExposedContext importance: MEDIUM
CVE-2026-42012	MEDIUM5.68	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly ExposedContext importance: MEDIUM
CVE-2026-6238	MEDIUM5.52	libc-bin 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-50495	MEDIUM5.52	libtinfo6 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-50495	MEDIUM5.52	ncurses-base 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM5.3	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libblkid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libsmartcols1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2018-6829	MEDIUM5.1	libgcrypt20 1.10.1-3 No fix yet	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	libc-bin 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.10.1-3 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2025-13151	MEDIUM5.02	libtasn1-6 4.19.0-2+deb12u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42250	MEDIUM5	libbz2-1.0 1.0.8-5+b1 No fix yet	—	Directly Exposed
CVE-2005-2541	MEDIUM4.8	tar 1.34+dfsg-1.2+deb12u1 No fix yet	3.8% Low-Moderate Risk	Post-ExploitContext importance: MEDIUM
CVE-2026-8376	MEDIUM4.7	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-ExploitContext importance: MEDIUM
CVE-2026-48962	MEDIUM4.68	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-Exploit
CVE-2022-0563	MEDIUM4.67	libblkid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc-s1 12.2.0-14+deb12u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libsmartcols1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++6 12.2.0-14+deb12u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.2.13.dfsg-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libblkid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc-bin 2.36-9+deb12u14 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc-bin 2.36-9+deb12u14 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc6 2.36-9+deb12u14 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc6 2.36-9+deb12u14 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.4.1-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libmount1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libsmartcols1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 252.39-1~deb12u2 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 252.39-1~deb12u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 252.39-1~deb12u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libudev1 252.39-1~deb12u2 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libudev1 252.39-1~deb12u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 252.39-1~deb12u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libuuid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42496	MEDIUM4.37	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-ExploitContext importance: MEDIUM
CVE-2011-3389	MEDIUM4.3	libgnutls30 3.7.9-2+deb12u6 No fix yet	3.8% Low-Moderate Risk	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc-bin 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc-bin 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2007-5686	MEDIUM4.17	login 1:4.13+dfsg1-1+deb12u2 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2023-31486	MEDIUM4.13	perl-base 5.36.0-7+deb12u3 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2026-27456	MEDIUM4	libblkid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-10041	MEDIUM4	libpam-modules 1.5.2-6+deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-10041	MEDIUM4	libpam-runtime 1.5.2-6+deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-10041	MEDIUM4	libpam0g 1.5.2-6+deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69720	LOW3.98	ncurses-bin 6.4-4 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW3.7	libapt-pkg6.0 2.6.1 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2026-5419	LOW3.7	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly Exposed
CVE-2026-42497	LOW3.6	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-ExploitContext importance: MEDIUM
CVE-2026-9538	LOW3.6	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-ExploitContext importance: MEDIUM
CVE-2024-56433	LOW3.6	login 1:4.13+dfsg1-1+deb12u2 No fix yet	4.5% Low-Moderate Risk	Directly Exposed
CVE-2010-4756	LOW3.4	libc-bin 2.36-9+deb12u14 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc6 2.36-9+deb12u14 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2016-2781	LOW3.31	coreutils 9.1-1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-50495	LOW3.31	ncurses-bin 6.4-4 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	bsdutils 1:2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux-extra 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	bsdutils 1:2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.34+dfsg-1.2+deb12u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux-extra 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2013-4392	LOW2.8	libsystemd0 252.39-1~deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 252.39-1~deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-6141	LOW2.8	libtinfo6 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 252.39-1~deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 252.39-1~deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-6141	LOW2.8	ncurses-base 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW2.7	bsdutils 1:2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	mount 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux-extra 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc-bin 2.36-9+deb12u14 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc6 2.36-9+deb12u14 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	passwd 1:4.13+dfsg1-1+deb12u2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.1-1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-30258	LOW2.4	gpgv 2.2.40-1.1+deb12u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpgv 2.2.40-1.1+deb12u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2024-10041	LOW2.4	libpam-modules-bin 1.5.2-6+deb12u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux-extra 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.1-1 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 2.6.1 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.13+dfsg1-1+deb12u2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2022-3219	LOW1.68	gpgv 2.2.40-1.1+deb12u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-6141	LOW1.68	ncurses-bin 6.4-4 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.36.0-7+deb12u3 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2022-27943	NONE0	gcc-12-base 12.2.0-14+deb12u1 No fix yet	<0.1% Theoretical Threat	Not Applicable
TEMP-0841856-B18BAF	NONE0	bash 5.2.15-2+b13 No fix yet	—	Not Applicable
CVE-2026-42014	NONE0	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	login 1:4.13+dfsg1-1+deb12u2 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.13+dfsg1-1+deb12u2 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	perl-base 5.36.0-7+deb12u3 No fix yet	—	Not Applicable
CVE-2025-15649	NONE0	perl-base 5.36.0-7+deb12u3 No fix yet	—	Not Applicable
CVE-2026-7010	NONE0	perl-base 5.36.0-7+deb12u3 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-48961	NONE0	perl-base 5.36.0-7+deb12u3 No fix yet	—	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.06-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.34+dfsg-1.2+deb12u1 No fix yet	—	Not Applicable