High Severity Vulnerability in etcd-utils #2

@dejanu

Description

Currently, the etcd-utils image contains the vulnerabilities:

## Overview

                   │               Analyzed Image               
───────────────────┼────────────────────────────────────────────
 Target            │  etcdctl:test                              
   digest          │  4c2170e67a4b                              
   platform        │ linux/arm64                                
   provenance      │ git@github.com:dejanu/etcd-utils.git       
                   │  https://github.com/dejanu/etcd-utils/blob/58c3f183e3df5c57c6f14db1253bc4a724815bd4  
   vulnerabilities │    0C     6H     4M    15L     7?          
   size            │ 20 MB                                      
   packages        │ 83                                         


## Packages and Vulnerabilities

   0C     5H     3M     0L  stdlib 1.25.9
pkg:golang/stdlib@1.25.9

    ✗ HIGH CVE-2026-42499
      https://scout.docker.com/v/CVE-2026-42499?s=golang&n=stdlib&t=golang&vr=%3C1.25.10
      Affected range : <1.25.10 
      Fixed version  : 1.25.10  
    
    ✗ HIGH CVE-2026-39836
      https://scout.docker.com/v/CVE-2026-39836?s=golang&n=stdlib&t=golang&vr=%3C1.25.10
      Affected range : <1.25.10 
      Fixed version  : 1.25.10  
    
    ✗ HIGH CVE-2026-39820
      https://scout.docker.com/v/CVE-2026-39820?s=golang&n=stdlib&t=golang&vr=%3C1.25.10
      Affected range : <1.25.10 
      Fixed version  : 1.25.10  
    
    ✗ HIGH CVE-2026-33814
      https://scout.docker.com/v/CVE-2026-33814?s=golang&n=stdlib&t=golang&vr=%3C1.25.10
      Affected range : <1.25.10 
      Fixed version  : 1.25.10  
    
    ✗ HIGH CVE-2026-33811
      https://scout.docker.com/v/CVE-2026-33811?s=golang&n=stdlib&t=golang&vr=%3C1.25.10
      Affected range : <1.25.10 
      Fixed version  : 1.25.10  
    
    ✗ MEDIUM CVE-2026-39826
      https://scout.docker.com/v/CVE-2026-39826?s=golang&n=stdlib&t=golang&vr=%3C1.25.10
      Affected range : <1.25.10 
      Fixed version  : 1.25.10  
    
    ✗ MEDIUM CVE-2026-39823
      https://scout.docker.com/v/CVE-2026-39823?s=golang&n=stdlib&t=golang&vr=%3C1.25.10
      Affected range : <1.25.10 
      Fixed version  : 1.25.10  
    
    ✗ MEDIUM CVE-2026-39825
      https://scout.docker.com/v/CVE-2026-39825?s=golang&n=stdlib&t=golang&vr=%3C1.25.10
      Affected range : <1.25.10 
      Fixed version  : 1.25.10  
    

   0C     1H     0M     0L     6?  golang.org/x/net 0.52.0
pkg:golang/golang.org/x/net@0.52.0

    ✗ HIGH CVE-2026-33814
      https://scout.docker.com/v/CVE-2026-33814?s=golang&n=net&ns=golang.org%2Fx&t=golang&vr=%3C0.53.0
      Affected range : <0.53.0 
      Fixed version  : 0.53.0  
    
    ✗ UNSPECIFIED CVE-2026-42506
      https://scout.docker.com/v/CVE-2026-42506?s=golang&n=net&ns=golang.org%2Fx&t=golang&vr=%3C0.55.0
      Affected range : <0.55.0 
      Fixed version  : 0.55.0  
    
    ✗ UNSPECIFIED CVE-2026-42502
      https://scout.docker.com/v/CVE-2026-42502?s=golang&n=net&ns=golang.org%2Fx&t=golang&vr=%3C0.55.0
      Affected range : <0.55.0 
      Fixed version  : 0.55.0  
    
    ✗ UNSPECIFIED CVE-2026-39821
      https://scout.docker.com/v/CVE-2026-39821?s=golang&n=net&ns=golang.org%2Fx&t=golang&vr=%3C0.55.0
      Affected range : <0.55.0 
      Fixed version  : 0.55.0  
    
    ✗ UNSPECIFIED CVE-2026-27136
      https://scout.docker.com/v/CVE-2026-27136?s=golang&n=net&ns=golang.org%2Fx&t=golang&vr=%3C0.55.0
      Affected range : <0.55.0 
      Fixed version  : 0.55.0  
    
    ✗ UNSPECIFIED CVE-2026-25681
      https://scout.docker.com/v/CVE-2026-25681?s=golang&n=net&ns=golang.org%2Fx&t=golang&vr=%3C0.55.0
      Affected range : <0.55.0 
      Fixed version  : 0.55.0  
    
    ✗ UNSPECIFIED CVE-2026-25680
      https://scout.docker.com/v/CVE-2026-25680?s=golang&n=net&ns=golang.org%2Fx&t=golang&vr=%3C0.55.0
      Affected range : <0.55.0 
      Fixed version  : 0.55.0  
    

   0C     0H     1M     1L  tar 1.35+dfsg-3.1+dhi0
pkg:deb/debian/tar@1.35%2Bdfsg-3.1%2Bdhi0?os_distro=trixie&os_name=debian&os_version=13

    ✗ MEDIUM CVE-2025-45582
      https://scout.docker.com/v/CVE-2025-45582?s=debian&n=tar&ns=debian&t=deb&osn=debian&osv=13&vr=%3E%3D1.35%2Bdfsg-3.1
      Affected range : >=1.35+dfsg-3.1 
      Fixed version  : not fixed       
    
    ✗ LOW CVE-2005-2541
      https://scout.docker.com/v/CVE-2005-2541?s=debian&n=tar&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    

   0C     0H     0M     7L  glibc 2.41-12+deb13u3+dhi0
pkg:deb/debian/glibc@2.41-12%2Bdeb13u3%2Bdhi0?os_distro=trixie&os_name=debian&os_version=13

    ✗ LOW CVE-2019-9192
      https://scout.docker.com/v/CVE-2019-9192?s=debian&n=glibc&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2019-1010025
      https://scout.docker.com/v/CVE-2019-1010025?s=debian&n=glibc&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2019-1010024
      https://scout.docker.com/v/CVE-2019-1010024?s=debian&n=glibc&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2019-1010023
      https://scout.docker.com/v/CVE-2019-1010023?s=debian&n=glibc&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2019-1010022
      https://scout.docker.com/v/CVE-2019-1010022?s=debian&n=glibc&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2018-20796
      https://scout.docker.com/v/CVE-2018-20796?s=debian&n=glibc&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2010-4756
      https://scout.docker.com/v/CVE-2010-4756?s=debian&n=glibc&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    

   0C     0H     0M     4L  systemd 257.13-1~deb13u1+dhi0
pkg:deb/debian/systemd@257.13-1~deb13u1%2Bdhi0?os_distro=trixie&os_name=debian&os_version=13

    ✗ LOW CVE-2023-31439
      https://scout.docker.com/v/CVE-2023-31439?s=debian&n=systemd&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2023-31438
      https://scout.docker.com/v/CVE-2023-31438?s=debian&n=systemd&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2023-31437
      https://scout.docker.com/v/CVE-2023-31437?s=debian&n=systemd&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2013-4392
      https://scout.docker.com/v/CVE-2013-4392?s=debian&n=systemd&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    

   0C     0H     0M     2L  coreutils 9.7-3+dhi2
pkg:deb/debian/coreutils@9.7-3%2Bdhi2?os_distro=trixie&os_name=debian&os_version=13

    ✗ LOW CVE-2025-5278
      https://scout.docker.com/v/CVE-2025-5278?s=debian&n=coreutils&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    
    ✗ LOW CVE-2017-18018
      https://scout.docker.com/v/CVE-2017-18018?s=debian&n=coreutils&ns=debian&t=deb&osn=debian&osv=13&vr=%3E0
      Affected range : >0        
      Fixed version  : not fixed 
    

   0C     0H     0M     1L  openssl 3.5.6-1~deb13u1+dhi1
pkg:deb/debian/openssl@3.5.6-1~deb13u1%2Bdhi1?os_distro=trixie&os_name=debian&os_version=13

    ✗ LOW CVE-2010-0928
      https://scout.docker.com/v/CVE-2010-0928?s=debian&n=openssl&ns=debian&t=deb&osn=debian&osv=13&vr=%3E%3D3.2.1-3
      Affected range : >=3.2.1-3 
      Fixed version  : not fixed 
    

   0C     0H     0M     0L     1?  golang.org/x/sys 0.42.0
pkg:golang/golang.org/x/sys@0.42.0

    ✗ UNSPECIFIED CVE-2026-39824
      https://scout.docker.com/v/CVE-2026-39824?s=golang&n=sys&ns=golang.org%2Fx&t=golang&vr=%3C0.44.0
      Affected range : <0.44.0 
      Fixed version  : 0.44.0  
    


32 vulnerabilities found in 8 packages
  CRITICAL     0  
  HIGH         6  
  MEDIUM       4  
  LOW          15 
  UNSPECIFIED  7  

Rebuild the etcdctl binary with Go 1.25.10 or later to address the 5+ HIGH vulnerabilities that are coming from the etcdctl binary itself, which was compiled with Go 1.25.9. The Go stdlib has 5 HIGH CVEs that need Go 1.25.10, and golang.org/x/net has 1 HIGH CVE needing version 0.53.0.

The etcdctl binary was built with outdated Go dependencies (repo here: https://github.com/etcd-io/etcd).

Rebuild etcdctl from source with patched Go (best if you control the build)

Update your downloader stage to build etcdctl with Go 1.25.10+:

```dockerfile
# Build stage: Go 1.25.10 is the fixed version for the stdlib CVEs in the scan
FROM golang:1.25.10-bookworm AS builder

WORKDIR /build
RUN git clone https://github.com/etcd-io/etcd.git . && \
    git checkout v3.6.11 && \
    go build -o etcdctl ./cmd/etcdctl

# Runtime stage: only the freshly built binary is copied in
FROM dhi.io/debian-base:trixie

COPY --chmod=755 --from=builder /build/etcdctl /usr/local/bin/etcdctl

USER 0
ENTRYPOINT ["/usr/local/bin/etcdctl"]
CMD []
```

Test:

```shell
docker build -t etcdctl:test .
docker scout cves etcdctl:test
```
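Added check, not part of this issue or of the etcd project: besides re-running the scanner, the rebuilt binary can be verified directly, because every Go binary embeds the toolchain version and module list that the scanner reads (`go version -m /usr/local/bin/etcdctl` prints the same data). The program below reads that build info with the standard library's `debug/buildinfo` package and reports anything below the minimums stated in the report (Go 1.25.10, golang.org/x/net 0.53.0 for the HIGH finding, golang.org/x/sys 0.44.0). The `Requirement` type, the function names and the simple dotted-version comparison are this example's own assumptions; pre-release suffixes such as `rc1` are ignored by that comparison.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Requirement is a minimum version for the Go toolchain (empty Path)
// or for one module path linked into the binary.
type Requirement struct {
	Path string
	Min  string
}

// Minimums taken from the scan report above (constructed for this example).
var etcdctlRequirements = []Requirement{
	{Path: "", Min: "go1.25.10"},
	{Path: "golang.org/x/net", Min: "v0.53.0"},
	{Path: "golang.org/x/sys", Min: "v0.44.0"},
}

// parseVersion turns "go1.25.9" or "v0.52.0" into numeric components.
// Only the leading digits of each component are used ("26rc1" -> 26).
func parseVersion(v string) []int {
	v = strings.TrimPrefix(v, "go")
	v = strings.TrimPrefix(v, "v")
	var out []int
	for _, part := range strings.Split(v, ".") {
		i := 0
		for i < len(part) && part[i] >= '0' && part[i] <= '9' {
			i++
		}
		n, _ := strconv.Atoi(part[:i]) // empty -> 0
		out = append(out, n)
	}
	return out
}

// compareVersions returns -1, 0 or +1; missing components count as 0.
func compareVersions(a, b string) int {
	x, y := parseVersion(a), parseVersion(b)
	for i := 0; i < len(x) || i < len(y); i++ {
		var xi, yi int
		if i < len(x) {
			xi = x[i]
		}
		if i < len(y) {
			yi = y[i]
		}
		if xi < yi {
			return -1
		}
		if xi > yi {
			return 1
		}
	}
	return 0
}

// findings lists the requirements that are not met. A module that is not
// linked into the binary at all cannot carry the vulnerable code and is skipped.
func findings(toolchain string, deps map[string]string, reqs []Requirement) []string {
	var out []string
	for _, r := range reqs {
		if r.Path == "" {
			if compareVersions(toolchain, r.Min) < 0 {
				out = append(out, fmt.Sprintf("toolchain %s is below %s", toolchain, r.Min))
			}
			continue
		}
		have, ok := deps[r.Path]
		if ok && compareVersions(have, r.Min) < 0 {
			out = append(out, fmt.Sprintf("%s %s is below %s", r.Path, have, r.Min))
		}
	}
	return out
}

// checkBinary reads the build info embedded in a Go binary and evaluates reqs.
func checkBinary(path string, reqs []Requirement) ([]string, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return nil, err
	}
	deps := map[string]string{}
	for _, d := range bi.Deps {
		v := d.Version
		if d.Replace != nil { // a replace directive decides what was actually linked
			v = d.Replace.Version
		}
		deps[d.Path] = v
	}
	return findings(bi.GoVersion, deps, reqs), nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: checkbuild <go-binary>")
		os.Exit(2)
	}
	problems, err := checkBinary(os.Args[1], etcdctlRequirements)
	if err != nil {
		fmt.Fprintln(os.Stderr, "cannot read build info:", err)
		os.Exit(2)
	}
	for _, p := range problems {
		fmt.Println("FAIL:", p)
	}
	if len(problems) > 0 {
		os.Exit(1)
	}
	fmt.Println("OK: toolchain and module minimums satisfied")
}
```

Run it against the binary extracted from the image (for example `docker cp` it out of a stopped container); a non-zero exit makes it usable as a CI gate that fails before the image is pushed.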
