CVE-2017-11468 (GCVE-0-2017-11468)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:12:39.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:2603", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/docker/distribution/releases/tag/v2.6.2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/docker/distribution/pull/2340" }, { "name": "openSUSE-SU-2020:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-07-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-18T18:06:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2017:2603", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/docker/distribution/releases/tag/v2.6.2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/docker/distribution/pull/2340" }, { "name": "openSUSE-SU-2020:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:2603", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "name": "https://github.com/docker/distribution/releases/tag/v2.6.2", "refsource": "CONFIRM", "url": "https://github.com/docker/distribution/releases/tag/v2.6.2" }, { "name": "https://github.com/docker/distribution/pull/2340", "refsource": "CONFIRM", "url": "https://github.com/docker/distribution/pull/2340" }, { "name": "openSUSE-SU-2020:1433", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11468", "datePublished": "2017-07-20T23:00:00", "dateReserved": "2017-07-19T00:00:00", "dateUpdated": "2024-08-05T18:12:39.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-11468\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-07-20T23:29:00.187\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.\"},{\"lang\":\"es\",\"value\":\"Docker Registry anterior a versi\u00f3n 2.6.2 en Docker Distribution, no restringe apropiadamente la cantidad de contenido aceptado por un usuario, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) por medio un endpoint 
manifest.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker_registry:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.1\",\"matchCriteriaId\":\"0CD9E095-2771-4013-B1EB-B00CE7C9CB89\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken 
Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2603\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/docker/distribution/pull/2340\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/docker/distribution/releases/tag/v2.6.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2603\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/docker/distribution/pull/2340\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/docker/distribution/releases/tag/v2.6.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]}]}}" } }
RHSA-2017:2603
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for docker-distribution is now available for Red Hat Enterprise Linux 7 Extras.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The docker-distribution package provides the tool set to support the Docker Registry version 2.\n\nThe following packages have been upgraded to a later upstream version: docker-distribution (2.6.2). (BZ#1479494)\n\nSecurity Fix(es):\n\n* It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service. (CVE-2017-11468)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2603", "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "1474893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474893" }, { "category": "external", "summary": "1479494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479494" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2603.json" } ], "title": "Red Hat Security Advisory: docker-distribution security, bug fix, and enhancement update", "tracking": { "current_release_date": "2025-10-09T17:01:29+00:00", "generator": { "date": "2025-10-09T17:01:29+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2017:2603", "initial_release_date": "2017-09-05T10:33:23+00:00", "revision_history": [ { "date": "2017-09-05T10:33:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-09-05T10:33:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-09T17:01:29+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7 Extras", "product": { "name": "Red Hat Enterprise Linux 7 Extras", "product_id": 
"7Server-EXTRAS-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_other:7" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Extras" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64", "product": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64", "product_id": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/docker-distribution@2.6.2-1.git48294d9.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.src", "product": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.src", "product_id": "docker-distribution-0:2.6.2-1.git48294d9.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/docker-distribution@2.6.2-1.git48294d9.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "product": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "product_id": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/docker-distribution@2.6.2-1.git48294d9.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le as a component of Red Hat Enterprise Linux 7 Extras", "product_id": "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le" }, "product_reference": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "relates_to_product_reference": "7Server-EXTRAS-7.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"docker-distribution-0:2.6.2-1.git48294d9.el7.src as a component of Red Hat Enterprise Linux 7 Extras", "product_id": "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.src" }, "product_reference": "docker-distribution-0:2.6.2-1.git48294d9.el7.src", "relates_to_product_reference": "7Server-EXTRAS-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64 as a component of Red Hat Enterprise Linux 7 Extras", "product_id": "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64" }, "product_reference": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64", "relates_to_product_reference": "7Server-EXTRAS-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-11468", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1474893" } ], "notes": [ { "category": "description", "text": "It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. 
An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service.", "title": "Vulnerability description" }, { "category": "summary", "text": "docker-distribution: Does not properly restrict the amount of content accepted from a user", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.src", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-11468" }, { "category": "external", "summary": "RHBZ#1474893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474893" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-11468", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11468" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11468", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11468" } ], "release_date": "2017-07-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-05T10:33:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.src", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2017:2603" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.src", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "docker-distribution: Does not properly restrict the amount of content accepted from a user" } ] }
rhsa-2017_2603
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for docker-distribution is now available for Red Hat Enterprise Linux 7 Extras.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The docker-distribution package provides the tool set to support the Docker Registry version 2.\n\nThe following packages have been upgraded to a later upstream version: docker-distribution (2.6.2). (BZ#1479494)\n\nSecurity Fix(es):\n\n* It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service. (CVE-2017-11468)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2603", "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "1474893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474893" }, { "category": "external", "summary": "1479494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479494" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2603.json" } ], "title": "Red Hat Security Advisory: docker-distribution security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-22T11:19:41+00:00", "generator": { "date": "2024-11-22T11:19:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:2603", "initial_release_date": "2017-09-05T10:33:23+00:00", "revision_history": [ { "date": "2017-09-05T10:33:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-09-05T10:33:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T11:19:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7 Extras", "product": { "name": "Red Hat Enterprise Linux 7 Extras", "product_id": 
"7Server-EXTRAS-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_other:7" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Extras" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64", "product": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64", "product_id": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/docker-distribution@2.6.2-1.git48294d9.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.src", "product": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.src", "product_id": "docker-distribution-0:2.6.2-1.git48294d9.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/docker-distribution@2.6.2-1.git48294d9.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "product": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "product_id": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/docker-distribution@2.6.2-1.git48294d9.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le as a component of Red Hat Enterprise Linux 7 Extras", "product_id": "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le" }, "product_reference": "docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "relates_to_product_reference": "7Server-EXTRAS-7.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"docker-distribution-0:2.6.2-1.git48294d9.el7.src as a component of Red Hat Enterprise Linux 7 Extras", "product_id": "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.src" }, "product_reference": "docker-distribution-0:2.6.2-1.git48294d9.el7.src", "relates_to_product_reference": "7Server-EXTRAS-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64 as a component of Red Hat Enterprise Linux 7 Extras", "product_id": "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64" }, "product_reference": "docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64", "relates_to_product_reference": "7Server-EXTRAS-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-11468", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1474893" } ], "notes": [ { "category": "description", "text": "It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. 
An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service.", "title": "Vulnerability description" }, { "category": "summary", "text": "docker-distribution: Does not properly restrict the amount of content accepted from a user", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.src", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-11468" }, { "category": "external", "summary": "RHBZ#1474893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474893" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-11468", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11468" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11468", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11468" } ], "release_date": "2017-07-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-05T10:33:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.src", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2017:2603" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.src", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "docker-distribution: Does not properly restrict the amount of content accepted from a user" } ] }
"https://access.redhat.com/errata/RHSA-2017:2603" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.ppc64le", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.src", "7Server-EXTRAS-7.4:docker-distribution-0:2.6.2-1.git48294d9.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "docker-distribution: Does not properly restrict the amount of content accepted from a user" } ] }
wid-sec-w-2023-2264
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Docker ist eine Open-Source-Software, die dazu verwendet werden kann, Anwendungen mithilfe von Betriebssystemvirtualisierung in Containern zu isolieren.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in docker ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2264 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2023-2264.json" }, { "category": "self", "summary": "WID-SEC-2023-2264 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2264" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6336-1 vom 2023-09-05", "url": "https://ubuntu.com/security/notices/USN-6336-1" }, { "category": "external", "summary": "National Vulnerability Database CVE-2017-11468 vom 2017-07-26", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11468" }, { "category": "external", 
"summary": "Red Hat Security Advisory RHSA-2017:2603 vom 2017-09-05", "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:0865-1 vom 2018-04-04", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180865-1.html" } ], "source_lang": "en-US", "title": "docker: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2023-09-04T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:58:03.100+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-2264", "initial_release_date": "2017-07-26T22:00:00.000+00:00", "revision_history": [ { "date": "2017-07-26T22:00:00.000+00:00", "number": "1", "summary": "Initial Release" }, { "date": "2017-07-26T22:00:00.000+00:00", "number": "2", "summary": "Version nicht vorhanden" }, { "date": "2017-09-05T22:00:00.000+00:00", "number": "3", "summary": "New remediations available" }, { "date": "2018-04-03T22:00:00.000+00:00", "number": "4", "summary": "New remediations available" }, { "date": "2023-09-04T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Ubuntu aufgenommen" } ], "status": "final", "version": "5" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Open Source docker", "product": { "name": "Open Source docker", "product_id": "T010448", "product_identification_helper": { "cpe": "cpe:/a:docker:docker:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": 
"cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-11468", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Docker. Die Schwachstelle beruht darauf, dass die Docker Registry den Inhalt nicht beschr\u00e4nkt. Ein Angreifer kann dieses nutzen und den Speicher vollst\u00e4ndig belegen und so einen Denial of Service verursachen." } ], "product_status": { "known_affected": [ "T010448", "T002207", "67646", "T000126" ] }, "release_date": "2017-07-26T22:00:00.000+00:00", "title": "CVE-2017-11468" } ] }
gsd-2017-11468
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2017-11468", "description": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.", "id": "GSD-2017-11468", "references": [ "https://www.suse.com/security/cve/CVE-2017-11468.html", "https://access.redhat.com/errata/RHSA-2017:2603" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-11468" ], "details": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.", "id": "GSD-2017-11468", "modified": "2023-12-13T01:21:15.091921Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:2603", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "name": "https://github.com/docker/distribution/releases/tag/v2.6.2", "refsource": "CONFIRM", "url": "https://github.com/docker/distribution/releases/tag/v2.6.2" }, { "name": "https://github.com/docker/distribution/pull/2340", "refsource": "CONFIRM", "url": "https://github.com/docker/distribution/pull/2340" }, { "name": "openSUSE-SU-2020:1433", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003cv2.7.0-rc.0", "affected_versions": "All versions before 2.7.0-rc.0", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-770", "CWE-937" ], "date": "2023-02-25", "description": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.", "fixed_versions": [ "v2.7.0-rc.0" ], "identifier": "CVE-2017-11468", "identifiers": [ "GHSA-h62f-wm92-2cmw", "CVE-2017-11468" ], "not_impacted": "All versions starting from 2.7.0-rc.0", "package_slug": "go/github.com/docker/distribution", "pubdate": "2022-05-13", "solution": "Upgrade to version 2.7.0-rc.0 or above. *Note*: 2.7.0-rc.0 may be an unstable version. 
Use caution.", "title": "Allocation of Resources Without Limits or Throttling", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-11468", "https://github.com/docker/distribution/pull/2340", "https://access.redhat.com/errata/RHSA-2017:2603", "https://github.com/docker/distribution/releases/tag/v2.6.2", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html", "https://github.com/distribution/distribution/pull/2340", "https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f", "https://pkg.go.dev/vuln/GO-2021-0072", "https://github.com/advisories/GHSA-h62f-wm92-2cmw" ], "uuid": "e9eba391-d75e-4899-ba24-2cbed6bf0ce5", "versions": [ { "commit": { "sha": "ada5457e8167f298a89d3d6a199f10a195a29f1b", "tags": [ "v2.7.0-rc.0" ], "timestamp": "20180928231704" }, "number": "v2.7.0-rc.0" } ] }, { "affected_range": "\u003cv2.7.0-rc.0", "affected_versions": "All versions before 2.7.0-rc.0", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-770", "CWE-937" ], "date": "2023-02-07", "description": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.", "fixed_versions": [ "v2.7.0-rc.0" ], "identifier": "CVE-2017-11468", "identifiers": [ "GHSA-h62f-wm92-2cmw", "CVE-2017-11468" ], "not_impacted": "All versions starting from 2.7.0-rc.0", "package_slug": "go/github.com/docker/distribution/registry/handlers", "pubdate": "2022-05-13", "solution": "Upgrade to version 2.7.0-rc.0 or above. *Note*: 2.7.0-rc.0 may be an unstable version. 
Use caution.", "title": "Allocation of Resources Without Limits or Throttling", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-11468", "https://github.com/docker/distribution/pull/2340", "https://access.redhat.com/errata/RHSA-2017:2603", "https://github.com/docker/distribution/releases/tag/v2.6.2", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html", "https://github.com/distribution/distribution/pull/2340", "https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f", "https://pkg.go.dev/vuln/GO-2021-0072", "https://github.com/advisories/GHSA-h62f-wm92-2cmw" ], "uuid": "8e574d67-1064-48ae-bcdf-ca95d2a7ca9b", "versions": [ { "commit": { "sha": "ada5457e8167f298a89d3d6a199f10a195a29f1b", "tags": [ "v2.7.0-rc.0" ], "timestamp": "20180928231704" }, "number": "v2.7.0-rc.0" } ] }, { "affected_range": "\u003cv2.7.0-rc.0", "affected_versions": "All versions before 2.7.0-rc.0", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-770", "CWE-937" ], "date": "2023-02-07", "description": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.", "fixed_versions": [ "v2.7.0-rc.0" ], "identifier": "CVE-2017-11468", "identifiers": [ "GHSA-h62f-wm92-2cmw", "CVE-2017-11468" ], "not_impacted": "All versions starting from 2.7.0-rc.0", "package_slug": "go/github.com/docker/distribution/registry/storage", "pubdate": "2022-05-13", "solution": "Upgrade to version 2.7.0-rc.0 or above. *Note*: 2.7.0-rc.0 may be an unstable version. 
Use caution.", "title": "Allocation of Resources Without Limits or Throttling", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-11468", "https://github.com/docker/distribution/pull/2340", "https://access.redhat.com/errata/RHSA-2017:2603", "https://github.com/docker/distribution/releases/tag/v2.6.2", "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html", "https://github.com/distribution/distribution/pull/2340", "https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f", "https://pkg.go.dev/vuln/GO-2021-0072", "https://github.com/advisories/GHSA-h62f-wm92-2cmw" ], "uuid": "62b0a5ed-9903-40e5-9c23-789c70b3c5a9", "versions": [ { "commit": { "sha": "ada5457e8167f298a89d3d6a199f10a195a29f1b", "tags": [ "v2.7.0-rc.0" ], "timestamp": "20180928231704" }, "number": "v2.7.0-rc.0" } ] } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:docker:docker_registry:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11468" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-770" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/docker/distribution/releases/tag/v2.6.2", "refsource": "CONFIRM", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/docker/distribution/releases/tag/v2.6.2" }, { "name": "https://github.com/docker/distribution/pull/2340", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://github.com/docker/distribution/pull/2340" }, { "name": "RHSA-2017:2603", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "name": "openSUSE-SU-2020:1433", "refsource": "SUSE", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": true, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-01-20T15:24Z", "publishedDate": "2017-07-20T23:29Z" } } }
CERTFR-2024-AVI-0958
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Vendor | Product | Description
---|---|---
IBM | Cloud Pak System | Cloud Pak System versions 2.3.4.x earlier than 2.3.4.1
IBM | VIOS | VIOS version 4.1 with a tcl.base file at versions earlier than 8.6.10.1
IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x earlier than 3.12.13
IBM | VIOS | VIOS version 4.1 with a python3.9.base file at versions earlier than 3.9.20.0
IBM | AIX | AIX version 7.2 with a tcl.base file at versions earlier than 8.6.10.1
IBM | AIX | AIX version 7.3 with a python3.9.base file at versions earlier than 3.9.20.0
IBM | AIX | AIX version 7.3 with a tcl.base file at versions earlier than 8.6.10.1
IBM | QRadar SIEM | QRadar SIEM versions 7.5.x earlier than 7.5.0 UP10 IF01
IBM | Cloud Pak System | Cloud Pak System versions 2.3.4.0 with Db2 versions earlier than 11.5.9 Special Build
IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.x earlier than 6.3.1.0 iFix03
IBM | VIOS | VIOS version 3.1 with a tcl.base file at versions earlier than 8.6.10.1
IBM | Cloud Pak | Cloud Pak for Security versions earlier than 1.10.27.0
IBM | Cloud Transformation Advisor | Cloud Transformation Advisor versions earlier than 3.10.2
IBM | QRadar Suite Software | QRadar Suite Software versions earlier than 1.10.27.0
IBM | Sterling Control Center | Sterling Control Center versions 6.2.1.x earlier than 6.2.1.0 iFix14
IBM | QRadar Deployment Intelligence App | QRadar Deployment Intelligence App versions earlier than 3.0.15
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cloud Pak System versions 2.3.4.x ant\u00e9rieures \u00e0 2.3.4.1", "product": { "name": "Cloud Pak System", "vendor": { "name": "IBM", "scada": false } } }, { "description": "VIOS version 4.1 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1", "product": { "name": "VIOS", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.13", "product": { "name": "Security QRadar EDR", "vendor": { "name": "IBM", "scada": false } } }, { "description": "VIOS version 4.1 avec un fichier python3.9.base versions ant\u00e9rieures \u00e0 3.9.20.0", "product": { "name": "VIOS", "vendor": { "name": "IBM", "scada": false } } }, { "description": "AIX version 7.2 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1", "product": { "name": "AIX", "vendor": { "name": "IBM", "scada": false } } }, { "description": "AIX version 7.3 avec un fichier python3.9.base versions ant\u00e9rieures \u00e0 3.9.20.0", "product": { "name": "AIX", "vendor": { "name": "IBM", "scada": false } } }, { "description": "AIX version 7.3 avec un fichier tcl.base versions ant\u00e9rieures \u00e0 8.6.10.1", "product": { "name": "AIX", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10 IF01", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cloud Pak System versions 2.3.4.0 avec Db2 versions ant\u00e9rieures \u00e0 11.5.9 Special Build", "product": { "name": "Cloud Pak System", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix03", "product": { "name": "Sterling Control Center", "vendor": { "name": "IBM", "scada": false } } }, { "description": "VIOS version 3.1 avec un fichier tcl.base versions 
ant\u00e9rieures \u00e0 8.6.10.1", "product": { "name": "VIOS", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.10.27.0", "product": { "name": "Cloud Pak", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cloud Transformation Advisor versions ant\u00e9rieures \u00e0 3.10.2 ", "product": { "name": "Cloud Transformation Advisor", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.10.27.0", "product": { "name": "QRadar Suite Software", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Control Center versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.0 iFix14", "product": { "name": "Sterling Control Center", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.15", "product": { "name": "QRadar Deployment Intelligence App", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. 
section Documentation).", "cves": [ { "name": "CVE-2020-25659", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659" }, { "name": "CVE-2020-36242", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242" }, { "name": "CVE-2022-23181", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23181" }, { "name": "CVE-2021-42340", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42340" }, { "name": "CVE-2022-29885", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29885" }, { "name": "CVE-2022-34305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34305" }, { "name": "CVE-2017-7500", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7500" }, { "name": "CVE-2022-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25762" }, { "name": "CVE-2022-42252", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42252" }, { "name": "CVE-2022-40897", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897" }, { "name": "CVE-2023-0286", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286" }, { "name": "CVE-2023-23931", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931" }, { "name": "CVE-2023-28708", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28708" }, { "name": "CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "name": "CVE-2023-28322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322" }, { "name": "CVE-2023-3446", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446" }, { "name": "CVE-2023-2953", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953" }, { "name": "CVE-2023-37920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2023-38325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325" }, { "name": "CVE-2023-38546", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546" }, { "name": "CVE-2023-4807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807" }, { "name": "CVE-2023-5678", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-5678" }, { "name": "CVE-2021-43618", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43618" }, { "name": "CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "name": "CVE-2023-28487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28487" }, { "name": "CVE-2022-23471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471" }, { "name": "CVE-2023-28486", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28486" }, { "name": "CVE-2023-25153", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153" }, { "name": "CVE-2023-7104", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104" }, { "name": "CVE-2023-6129", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129" }, { "name": "CVE-2023-46218", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218" }, { "name": "CVE-2024-0727", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727" }, { "name": "CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "name": "CVE-2023-25173", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173" }, { "name": "CVE-2022-31030", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030" }, { "name": "CVE-2022-23648", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23648" }, { "name": "CVE-2023-28746", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746" }, { "name": "CVE-2023-52451", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52451" }, { "name": "CVE-2023-52584", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52584" }, { "name": "CVE-2023-52469", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52469" }, { "name": "CVE-2023-52600", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52600" }, { "name": "CVE-2023-52463", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52463" }, { "name": "CVE-2023-52599", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52599" }, { "name": "CVE-2023-42465", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42465" }, { "name": 
"CVE-2023-52530", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52530" }, { "name": "CVE-2024-26586", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26586" }, { "name": "CVE-2023-27043", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043" }, { "name": "CVE-2023-36632", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632" }, { "name": "CVE-2023-49083", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083" }, { "name": "CVE-2023-2253", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253" }, { "name": "CVE-2024-2201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2201" }, { "name": "CVE-2023-52609", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52609" }, { "name": "CVE-2017-7501", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7501" }, { "name": "CVE-2024-25710", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710" }, { "name": "CVE-2021-35939", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35939" }, { "name": "CVE-2024-26308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308" }, { "name": "CVE-2024-0553", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0553" }, { "name": "CVE-2021-35938", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35938" }, { "name": "CVE-2023-50782", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782" }, { "name": "CVE-2021-35937", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35937" }, { "name": "CVE-2023-6597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597" }, { "name": "CVE-2023-52591", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52591" }, { "name": "CVE-2024-26667", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26667" }, { "name": "CVE-2023-52608", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52608" }, { "name": "CVE-2023-52486", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52486" }, { "name": "CVE-2024-26614", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26614" }, { "name": "CVE-2024-25739", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-25739" }, { "name": "CVE-2023-52623", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52623" }, { "name": "CVE-2023-52619", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52619" }, { "name": "CVE-2024-29133", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133" }, { "name": "CVE-2024-29131", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131" }, { "name": "CVE-2024-26707", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26707" }, { "name": "CVE-2024-26697", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26697" }, { "name": "CVE-2024-26704", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26704" }, { "name": "CVE-2023-52622", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52622" }, { "name": "CVE-2024-26727", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26727" }, { "name": "CVE-2024-26718", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26718" }, { "name": "CVE-2024-26702", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26702" }, { "name": "CVE-2024-26710", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26710" }, { "name": "CVE-2024-26810", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26810" }, { "name": "CVE-2024-26663", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26663" }, { "name": "CVE-2024-26773", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26773" }, { "name": "CVE-2024-26660", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26660" }, { "name": "CVE-2024-26726", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26726" }, { "name": "CVE-2024-26640", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26640" }, { "name": "CVE-2024-26802", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26802" }, { "name": "CVE-2024-26733", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26733" }, { "name": "CVE-2024-26700", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26700" }, { "name": "CVE-2024-26772", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26772" }, { "name": 
"CVE-2024-26696", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26696" }, { "name": "CVE-2024-26698", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26698" }, { "name": "CVE-2024-26714", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26714" }, { "name": "CVE-2024-26686", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26686" }, { "name": "CVE-2017-11468", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11468" }, { "name": "CVE-2023-45284", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284" }, { "name": "CVE-2023-52590", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52590" }, { "name": "CVE-2021-46939", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46939" }, { "name": "CVE-2024-26870", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26870" }, { "name": "CVE-2024-27025", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27025" }, { "name": "CVE-2024-26961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26961" }, { "name": "CVE-2024-26840", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26840" }, { "name": "CVE-2024-26958", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26958" }, { "name": "CVE-2024-26843", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26843" }, { "name": "CVE-2024-26925", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26925" }, { "name": "CVE-2024-27388", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27388" }, { "name": "CVE-2024-27020", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27020" }, { "name": "CVE-2024-26960", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26960" }, { "name": "CVE-2024-26820", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26820" }, { "name": "CVE-2024-26878", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26878" }, { "name": "CVE-2024-26852", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26852" }, { "name": "CVE-2024-27065", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27065" }, { "name": "CVE-2024-26825", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-26825" }, { "name": "CVE-2024-27019", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27019" }, { "name": "CVE-2024-26668", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26668" }, { "name": "CVE-2024-26669", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26669" }, { "name": "CVE-2023-52425", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425" }, { "name": "CVE-2024-21823", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823" }, { "name": "CVE-2024-28182", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182" }, { "name": "CVE-2023-45288", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288" }, { "name": "CVE-2023-52653", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52653" }, { "name": "CVE-2024-26853", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26853" }, { "name": "CVE-2022-48632", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48632" }, { "name": "CVE-2024-29025", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025" }, { "name": "CVE-2024-35947", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35947" }, { "name": "CVE-2024-36017", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36017" }, { "name": "CVE-2024-36886", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36886" }, { "name": "CVE-2024-36889", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36889" }, { "name": "CVE-2024-36904", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36904" }, { "name": "CVE-2024-36905", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36905" }, { "name": "CVE-2024-36929", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36929" }, { "name": "CVE-2024-36933", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36933" }, { "name": "CVE-2024-36940", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36940" }, { "name": "CVE-2024-36941", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36941" }, { "name": "CVE-2024-36950", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36950" }, { "name": 
"CVE-2024-36954", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36954" }, { "name": "CVE-2021-47231", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47231" }, { "name": "CVE-2021-47284", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47284" }, { "name": "CVE-2021-47373", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47373" }, { "name": "CVE-2021-47408", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47408" }, { "name": "CVE-2021-47449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47449" }, { "name": "CVE-2021-47461", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47461" }, { "name": "CVE-2021-47468", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47468" }, { "name": "CVE-2021-47491", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47491" }, { "name": "CVE-2021-47548", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47548" }, { "name": "CVE-2023-52662", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52662" }, { "name": "CVE-2023-52679", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52679" }, { "name": "CVE-2023-52707", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52707" }, { "name": "CVE-2023-52730", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52730" }, { "name": "CVE-2023-52756", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52756" }, { "name": "CVE-2023-52764", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52764" }, { "name": "CVE-2023-52777", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52777" }, { "name": "CVE-2023-52791", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52791" }, { "name": "CVE-2023-52796", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52796" }, { "name": "CVE-2023-52803", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52803" }, { "name": "CVE-2023-52811", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52811" }, { "name": "CVE-2023-52817", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52817" }, { "name": "CVE-2023-52832", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-52832" }, { "name": "CVE-2023-52834", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52834" }, { "name": "CVE-2023-52847", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52847" }, { "name": "CVE-2023-52864", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52864" }, { "name": "CVE-2024-26921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26921" }, { "name": "CVE-2024-26940", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26940" }, { "name": "CVE-2024-27395", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27395" }, { "name": "CVE-2024-35801", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35801" }, { "name": "CVE-2024-35823", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35823" }, { "name": "CVE-2024-35847", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35847" }, { "name": "CVE-2024-35912", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35912" }, { "name": "CVE-2024-35924", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35924" }, { "name": "CVE-2024-35930", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35930" }, { "name": "CVE-2024-35938", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35938" }, { "name": "CVE-2024-35940", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35940" }, { "name": "CVE-2024-35952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35952" }, { "name": "CVE-2024-36006", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36006" }, { "name": "CVE-2024-36016", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36016" }, { "name": "CVE-2024-36896", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36896" }, { "name": "CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "name": "CVE-2024-30171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171" }, { "name": "CVE-2024-30172", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172" }, { "name": "CVE-2024-5535", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535" }, { "name": 
"CVE-2023-52658", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52658" }, { "name": "CVE-2024-26740", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26740" }, { "name": "CVE-2024-26844", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26844" }, { "name": "CVE-2024-26962", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26962" }, { "name": "CVE-2024-27434", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27434" }, { "name": "CVE-2024-35790", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35790" }, { "name": "CVE-2024-35810", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35810" }, { "name": "CVE-2024-35814", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35814" }, { "name": "CVE-2024-35824", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35824" }, { "name": "CVE-2024-35937", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35937" }, { "name": "CVE-2024-35946", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35946" }, { "name": "CVE-2024-36020", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36020" }, { "name": "CVE-2024-36025", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36025" }, { "name": "CVE-2024-36921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36921" }, { "name": "CVE-2024-31076", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31076" }, { "name": "CVE-2024-33621", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33621" }, { "name": "CVE-2024-35807", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35807" }, { "name": "CVE-2024-35893", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35893" }, { "name": "CVE-2024-35896", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35896" }, { "name": "CVE-2024-35897", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35897" }, { "name": "CVE-2024-35899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899" }, { "name": "CVE-2024-35900", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35900" }, { "name": "CVE-2024-35910", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-35910" }, { "name": "CVE-2024-35925", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35925" }, { "name": "CVE-2024-36005", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005" }, { "name": "CVE-2024-36286", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36286" }, { "name": "CVE-2024-36960", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36960" }, { "name": "CVE-2024-36971", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971" }, { "name": "CVE-2024-38596", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38596" }, { "name": "CVE-2024-38598", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38598" }, { "name": "CVE-2024-38627", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38627" }, { "name": "CVE-2023-5752", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752" }, { "name": "CVE-2024-3651", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651" }, { "name": "CVE-2024-2398", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398" }, { "name": "CVE-2024-4032", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032" }, { "name": "CVE-2023-52648", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52648" }, { "name": "CVE-2023-6004", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6004" }, { "name": "CVE-2023-6918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6918" }, { "name": "CVE-2024-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450" }, { "name": "CVE-2024-25062", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062" }, { "name": "CVE-2024-26458", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26458" }, { "name": "CVE-2024-26461", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26461" }, { "name": "CVE-2024-28834", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834" }, { "name": "CVE-2024-2961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961" }, { "name": "CVE-2024-33599", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599" }, { "name": 
"CVE-2024-33600", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600" }, { "name": "CVE-2024-33601", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601" }, { "name": "CVE-2024-33602", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602" }, { "name": "CVE-2024-34064", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064" }, { "name": "CVE-2024-34069", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34069" }, { "name": "CVE-2024-35195", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195" }, { "name": "CVE-2024-4067", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067" }, { "name": "CVE-2022-48743", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48743" }, { "name": "CVE-2022-48747", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48747" }, { "name": "CVE-2023-52762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52762" }, { "name": "CVE-2023-52784", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52784" }, { "name": "CVE-2023-52845", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52845" }, { "name": "CVE-2024-26842", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26842" }, { "name": "CVE-2024-36917", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36917" }, { "name": "CVE-2024-36945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36945" }, { "name": "CVE-2024-36978", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36978" }, { "name": "CVE-2024-38555", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38555" }, { "name": "CVE-2024-38573", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38573" }, { "name": "CVE-2024-22365", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22365" }, { "name": "CVE-2024-21131", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131" }, { "name": "CVE-2024-21138", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138" }, { "name": "CVE-2024-21140", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140" }, { "name": "CVE-2024-21144", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-21144" }, { "name": "CVE-2024-21145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145" }, { "name": "CVE-2024-21147", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147" }, { "name": "CVE-2024-26662", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26662" }, { "name": "CVE-2024-26703", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26703" }, { "name": "CVE-2024-26818", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26818" }, { "name": "CVE-2024-26824", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26824" }, { "name": "CVE-2024-26831", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26831" }, { "name": "CVE-2024-27010", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27010" }, { "name": "CVE-2024-27011", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27011" }, { "name": "CVE-2024-36270", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36270" }, { "name": "CVE-2024-36489", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36489" }, { "name": "CVE-2024-38615", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38615" }, { "name": "CVE-2024-39276", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39276" }, { "name": "CVE-2024-39476", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39476" }, { "name": "CVE-2024-39487", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487" }, { "name": "CVE-2024-39495", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39495" }, { "name": "CVE-2024-39502", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39502" }, { "name": "CVE-2024-40902", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40902" }, { "name": "CVE-2024-40927", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40927" }, { "name": "CVE-2024-40974", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40974" }, { "name": "CVE-2024-36010", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36010" }, { "name": "CVE-2024-38575", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38575" }, { "name": 
"CVE-2024-6923", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923" }, { "name": "CVE-2024-36000", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36000" }, { "name": "CVE-2024-36927", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36927" }, { "name": "CVE-2024-36979", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36979" }, { "name": "CVE-2024-38538", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38538" }, { "name": "CVE-2021-47018", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47018" }, { "name": "CVE-2021-47257", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47257" }, { "name": "CVE-2021-47304", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47304" }, { "name": "CVE-2021-47579", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47579" }, { "name": "CVE-2021-47624", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47624" }, { "name": "CVE-2022-48757", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48757" }, { "name": "CVE-2023-52471", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52471" }, { "name": "CVE-2023-52775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52775" }, { "name": "CVE-2024-26837", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26837" }, { "name": "CVE-2024-39472", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39472" }, { "name": "CVE-2024-37891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891" }, { "name": "CVE-2024-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345" }, { "name": "CVE-2024-38808", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38808" }, { "name": "CVE-2024-38809", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38809" }, { "name": "CVE-2024-27267", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267" }, { "name": "CVE-2024-38428", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38428" }, { "name": "CVE-2024-42232", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42232" }, { "name": "CVE-2024-42236", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-42236" }, { "name": "CVE-2024-42244", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42244" }, { "name": "CVE-2024-42247", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42247" }, { "name": "CVE-2023-4692", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4692" }, { "name": "CVE-2023-4693", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4693" }, { "name": "CVE-2023-7008", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7008" }, { "name": "CVE-2024-1048", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1048" }, { "name": "CVE-2024-6232", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232" }, { "name": "CVE-2024-6119", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119" }, { "name": "CVE-2024-39338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338" }, { "name": "CVE-2024-39689", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689" }, { "name": "CVE-2024-45491", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491" }, { "name": "CVE-2024-45492", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492" }, { "name": "CVE-2024-38816", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816" }, { "name": "CVE-2024-41042", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41042" }, { "name": "CVE-2024-42238", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42238" }, { "name": "CVE-2024-42259", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42259" }, { "name": "CVE-2024-43824", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43824" }, { "name": "CVE-2024-43833", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43833" }, { "name": "CVE-2024-43858", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43858" }, { "name": "CVE-2021-42694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42694" }, { "name": "CVE-2023-50314", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50314" }, { "name": "CVE-2024-34155", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155" }, { "name": 
"CVE-2024-34156", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156" }, { "name": "CVE-2024-34158", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158" }, { "name": "CVE-2024-42252", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42252" }, { "name": "CVE-2024-43832", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43832" }, { "name": "CVE-2024-37370", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370" }, { "name": "CVE-2024-37371", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371" }, { "name": "CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "name": "CVE-2024-42251", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42251" }, { "name": "CVE-2021-43980", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43980" }, { "name": "CVE-2023-20584", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20584" }, { "name": "CVE-2023-31356", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31356" }, { "name": "CVE-2023-36328", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36328" }, { "name": "CVE-2023-48161", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161" }, { "name": "CVE-2023-5115", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5115" }, { "name": "CVE-2023-52596", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52596" }, { "name": "CVE-2023-5764", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5764" }, { "name": "CVE-2024-21529", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21529" }, { "name": "CVE-2024-21534", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21534" }, { "name": "CVE-2024-25620", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25620" }, { "name": "CVE-2024-26147", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26147" }, { "name": "CVE-2024-26713", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26713" }, { "name": "CVE-2024-26721", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26721" }, { "name": "CVE-2024-26823", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-26823" }, { "name": "CVE-2024-30203", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30203" }, { "name": "CVE-2024-30205", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30205" }, { "name": "CVE-2024-31882", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31882" }, { "name": "CVE-2024-34447", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447" }, { "name": "CVE-2024-35136", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35136" }, { "name": "CVE-2024-35152", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35152" }, { "name": "CVE-2024-37529", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37529" }, { "name": "CVE-2024-38286", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38286" }, { "name": "CVE-2024-39331", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39331" }, { "name": "CVE-2024-42254", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42254" }, { "name": "CVE-2024-42255", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42255" }, { "name": "CVE-2024-42256", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42256" }, { "name": "CVE-2024-42258", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42258" }, { "name": "CVE-2024-42460", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42460" }, { "name": "CVE-2024-43796", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796" }, { "name": "CVE-2024-43799", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799" }, { "name": "CVE-2024-43800", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800" }, { "name": "CVE-2024-43857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43857" }, { "name": "CVE-2024-45490", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490" }, { "name": "CVE-2024-45590", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590" }, { "name": "CVE-2024-45801", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801" }, { "name": "CVE-2024-46982", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46982" }, { "name": 
"CVE-2024-47764", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764" }, { "name": "CVE-2024-47874", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47874" }, { "name": "CVE-2024-47875", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875" }, { "name": "CVE-2024-7592", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592" }, { "name": "CVE-2024-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088" } ], "initial_release_date": "2024-11-08T00:00:00", "last_revision_date": "2024-11-08T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0958", "revisions": [ { "description": "Version initiale", "revision_date": "2024-11-08T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2024-11-05", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174802", "url": "https://www.ibm.com/support/pages/node/7174802" }, { "published_at": "2024-11-01", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174634", "url": "https://www.ibm.com/support/pages/node/7174634" }, { "published_at": "2024-11-01", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174639", "url": "https://www.ibm.com/support/pages/node/7174639" }, { "published_at": "2024-11-08", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175196", "url": "https://www.ibm.com/support/pages/node/7175196" }, { "published_at": "2024-11-07", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175086", "url": "https://www.ibm.com/support/pages/node/7175086" }, { "published_at": "2024-11-08", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175192", "url": "https://www.ibm.com/support/pages/node/7175192" }, { "published_at": "2024-11-05", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174799", "url": "https://www.ibm.com/support/pages/node/7174799" }, { "published_at": "2024-11-05", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174797", "url": "https://www.ibm.com/support/pages/node/7174797" }, { "published_at": "2024-11-06", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174945", "url": "https://www.ibm.com/support/pages/node/7174945" }, { "published_at": "2024-11-05", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174912", "url": "https://www.ibm.com/support/pages/node/7174912" }, { "published_at": "2024-11-07", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175166", "url": "https://www.ibm.com/support/pages/node/7175166" } ] }
CERTFR-2024-AVI-0350
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.0.x, migrate to a fixed version
IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.1.x prior to 6.1.0.24
IBM | N/A | Db2 Warehouse on Cloud Pak for Data versions prior to 4.8.4
IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x prior to 6.2.0.23
IBM | WebSphere | WebSphere Service Registry and Repository version 8.5 without the latest security patches
IBM | WebSphere | WebSphere Remote Server versions 9.1, 9.0 and 8.5 without the latest security patches
IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x prior to 6.3.0.7
IBM | N/A | Db2 on Cloud Pak for Data versions prior to 4.8.4
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Sterling Connect:Direct Web Services versions 6.0.x, migrer sur une version corrig\u00e9e", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.24", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.4", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.23", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Service Registry and Repository version 8.5 sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.7", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.4", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "name": "CVE-2023-28841", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841" }, { "name": "CVE-2023-28840", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840" }, { "name": "CVE-2022-29162", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29162" }, { "name": "CVE-2023-45283", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45283" }, { "name": "CVE-2021-43816", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43816" }, { "name": "CVE-2023-27561", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27561" }, { "name": "CVE-2017-11468", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11468" }, { "name": "CVE-2023-45285", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45285" }, { "name": "CVE-2023-45284", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284" }, { "name": "CVE-2022-31030", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030" }, { "name": "CVE-2023-2253", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253" }, { "name": "CVE-2021-43784", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43784" }, { "name": "CVE-2023-28842", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842" }, { "name": "CVE-2021-32760", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32760" }, { "name": "CVE-2024-22329", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329" }, { "name": "CVE-2023-25173", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173" }, { "name": "CVE-2023-25809", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25809" }, { "name": "CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "name": "CVE-2023-25153", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153" }, { "name": "CVE-2023-28642", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28642" }, { "name": "CVE-2022-23471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471" }, { "name": "CVE-2023-29827", 
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29827" }, { "name": "CVE-2022-42969", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42969" }, { "name": "CVE-2023-28155", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28155" }, { "name": "CVE-2023-26136", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136" }, { "name": "CVE-2023-39326", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326" }, { "name": "CVE-2022-23648", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23648" }, { "name": "CVE-2024-22354", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354" }, { "name": "CVE-2021-41103", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41103" }, { "name": "CVE-2023-26159", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159" } ], "initial_release_date": "2024-04-26T00:00:00", "last_revision_date": "2024-04-26T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0350", "revisions": [ { "description": "Version initiale", "revision_date": "2024-04-26T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. 
Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7148847 du 19 avril 2024", "url": "https://www.ibm.com/support/pages/node/7148847" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149294 du 23 avril 2024", "url": "https://www.ibm.com/support/pages/node/7149294" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149055 du 22 avril 2024", "url": "https://www.ibm.com/support/pages/node/7149055" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149195 du 23 avril 2024", "url": "https://www.ibm.com/support/pages/node/7149195" } ] }
opensuse-su-2024:12135-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "distribution-registry-2.8.1-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the distribution-registry-2.8.1-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-12135", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12135-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2017-11468 page", "url": "https://www.suse.com/security/cve/CVE-2017-11468/" } ], "title": "distribution-registry-2.8.1-1.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:12135-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, 
"product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "distribution-registry-2.8.1-1.1.aarch64", "product": { "name": "distribution-registry-2.8.1-1.1.aarch64", "product_id": "distribution-registry-2.8.1-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "distribution-registry-2.8.1-1.1.ppc64le", "product": { "name": "distribution-registry-2.8.1-1.1.ppc64le", "product_id": "distribution-registry-2.8.1-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "distribution-registry-2.8.1-1.1.s390x", "product": { "name": "distribution-registry-2.8.1-1.1.s390x", "product_id": "distribution-registry-2.8.1-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "distribution-registry-2.8.1-1.1.x86_64", "product": { "name": "distribution-registry-2.8.1-1.1.x86_64", "product_id": "distribution-registry-2.8.1-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "distribution-registry-2.8.1-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.aarch64" }, "product_reference": "distribution-registry-2.8.1-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "distribution-registry-2.8.1-1.1.ppc64le as component of openSUSE 
Tumbleweed", "product_id": "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.ppc64le" }, "product_reference": "distribution-registry-2.8.1-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "distribution-registry-2.8.1-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.s390x" }, "product_reference": "distribution-registry-2.8.1-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "distribution-registry-2.8.1-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.x86_64" }, "product_reference": "distribution-registry-2.8.1-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-11468", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-11468" } ], "notes": [ { "category": "general", "text": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.aarch64", "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.ppc64le", "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.s390x", "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-11468", "url": "https://www.suse.com/security/cve/CVE-2017-11468" }, { "category": "external", "summary": "SUSE Bug 1049850 for CVE-2017-11468", "url": "https://bugzilla.suse.com/1049850" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE 
Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.aarch64", "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.ppc64le", "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.s390x", "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.aarch64", "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.ppc64le", "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.s390x", "openSUSE Tumbleweed:distribution-registry-2.8.1-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2017-11468" } ] }
opensuse-su-2020:1433-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for docker-distribution", "title": "Title of the patch" }, { "category": "description", "text": "This update for docker-distribution fixes the following issues:\n\n- Enable build on %arm (which include armv6), not only on armv7\n\n- Enable ppc64le\n\n- Use correct URL to project\n- Remove fillup, we don\u0027t ship a sysconfig file\n- Correct systemd requires\n- Enable build on ARM\n\n- Upgraded to 2.7.1\n - Support for OCI images added\n - Fix upgrade issues from 2.6.x\n - Update Go version to 1.11\n - Switch to multi-stage Dockerfile\n - Validations enabled by default with new disabled config option\n - Optimize health check performance\n - Create separate permission for deleting objects in a repo\n - Fix storage driver error propagation for manifest GETs\n - Fix forwarded header resolution\n - Add prometheus metrics\n - Disable schema1 manifest by default\n - Graceful shutdown\n - TLS: remove ciphers that do not support perfect forward secrecy\n - Fix registry stripping newlines from manifests\n - Add bugsnag logrus hook\n - Support ARM builds\n\n This release is a special security release to address an issue allowing\n an attacker to force arbitrarily-sized memory allocations in a registry\n instance through the manifest endpoint. 
The problem has been mitigated\n by limiting the size of reads for image manifest content.\n Details for mitigation are in 29fa466\n Fixes boo#1049850 (CVE-2017-11468)\n Fixes boo#1033172\n", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2020-1433", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1433-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2020:1433-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MY76ZZYS6OXIXX3XVR5TNDLWGWIO22UJ/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2020:1433-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MY76ZZYS6OXIXX3XVR5TNDLWGWIO22UJ/" }, { "category": "self", "summary": "SUSE Bug 1033172", "url": "https://bugzilla.suse.com/1033172" }, { "category": "self", "summary": "SUSE Bug 1049850", "url": "https://bugzilla.suse.com/1049850" }, { "category": "self", "summary": "SUSE CVE CVE-2017-11468 page", "url": "https://www.suse.com/security/cve/CVE-2017-11468/" } ], "title": "Security update for docker-distribution", "tracking": { "current_release_date": "2020-09-14T22:22:08Z", "generator": { "date": "2020-09-14T22:22:08Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2020:1433-1", "initial_release_date": 
"2020-09-14T22:22:08Z", "revision_history": [ { "date": "2020-09-14T22:22:08Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.aarch64", "product": { "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.aarch64", "product_id": "docker-distribution-registry-2.7.1-bp152.4.3.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.ppc64le", "product": { "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.ppc64le", "product_id": "docker-distribution-registry-2.7.1-bp152.4.3.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.s390x", "product": { "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.s390x", "product_id": "docker-distribution-registry-2.7.1-bp152.4.3.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.x86_64", "product": { "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.x86_64", "product_id": "docker-distribution-registry-2.7.1-bp152.4.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Package Hub 15 SP2", "product": { "name": "SUSE Package Hub 15 SP2", "product_id": "SUSE Package Hub 15 SP2" } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.aarch64 as component of SUSE Package Hub 15 SP2", "product_id": "SUSE Package Hub 15 
SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.aarch64" }, "product_reference": "docker-distribution-registry-2.7.1-bp152.4.3.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.ppc64le as component of SUSE Package Hub 15 SP2", "product_id": "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.ppc64le" }, "product_reference": "docker-distribution-registry-2.7.1-bp152.4.3.1.ppc64le", "relates_to_product_reference": "SUSE Package Hub 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.s390x as component of SUSE Package Hub 15 SP2", "product_id": "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.s390x" }, "product_reference": "docker-distribution-registry-2.7.1-bp152.4.3.1.s390x", "relates_to_product_reference": "SUSE Package Hub 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-registry-2.7.1-bp152.4.3.1.x86_64 as component of SUSE Package Hub 15 SP2", "product_id": "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.x86_64" }, "product_reference": "docker-distribution-registry-2.7.1-bp152.4.3.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP2" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-11468", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-11468" } ], "notes": [ { "category": "general", "text": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.aarch64", 
"SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.ppc64le", "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.s390x", "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-11468", "url": "https://www.suse.com/security/cve/CVE-2017-11468" }, { "category": "external", "summary": "SUSE Bug 1049850 for CVE-2017-11468", "url": "https://bugzilla.suse.com/1049850" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.aarch64", "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.ppc64le", "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.s390x", "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.aarch64", "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.ppc64le", "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.s390x", "SUSE Package Hub 15 SP2:docker-distribution-registry-2.7.1-bp152.4.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2020-09-14T22:22:08Z", "details": "moderate" } ], "title": "CVE-2017-11468" } ] }
opensuse-su-2024:10723-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "docker-distribution-registry-2.7.1-7.2 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the docker-distribution-registry-2.7.1-7.2 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10723", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10723-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2017-11468 page", "url": "https://www.suse.com/security/cve/CVE-2017-11468/" } ], "title": "docker-distribution-registry-2.7.1-7.2 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10723-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", 
"version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "docker-distribution-registry-2.7.1-7.2.aarch64", "product": { "name": "docker-distribution-registry-2.7.1-7.2.aarch64", "product_id": "docker-distribution-registry-2.7.1-7.2.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-registry-2.7.1-7.2.ppc64le", "product": { "name": "docker-distribution-registry-2.7.1-7.2.ppc64le", "product_id": "docker-distribution-registry-2.7.1-7.2.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-registry-2.7.1-7.2.s390x", "product": { "name": "docker-distribution-registry-2.7.1-7.2.s390x", "product_id": "docker-distribution-registry-2.7.1-7.2.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "docker-distribution-registry-2.7.1-7.2.x86_64", "product": { "name": "docker-distribution-registry-2.7.1-7.2.x86_64", "product_id": "docker-distribution-registry-2.7.1-7.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-registry-2.7.1-7.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.aarch64" }, "product_reference": "docker-distribution-registry-2.7.1-7.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": 
"default_component_of", "full_product_name": { "name": "docker-distribution-registry-2.7.1-7.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.ppc64le" }, "product_reference": "docker-distribution-registry-2.7.1-7.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-registry-2.7.1-7.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.s390x" }, "product_reference": "docker-distribution-registry-2.7.1-7.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-registry-2.7.1-7.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.x86_64" }, "product_reference": "docker-distribution-registry-2.7.1-7.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-11468", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-11468" } ], "notes": [ { "category": "general", "text": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.aarch64", "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.ppc64le", "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.s390x", "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-11468", "url": "https://www.suse.com/security/cve/CVE-2017-11468" 
}, { "category": "external", "summary": "SUSE Bug 1049850 for CVE-2017-11468", "url": "https://bugzilla.suse.com/1049850" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.aarch64", "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.ppc64le", "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.s390x", "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.aarch64", "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.ppc64le", "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.s390x", "openSUSE Tumbleweed:docker-distribution-registry-2.7.1-7.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2017-11468" } ] }
ghsa-h62f-wm92-2cmw
Vulnerability from github
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
Specific Go Packages Affected
github.com/docker/distribution/registry/storage
github.com/docker/distribution/registry/handlers
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/docker/distribution" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.7.0-rc.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2017-11468" ], "database_specific": { "cwe_ids": [ "CWE-770" ], "github_reviewed": true, "github_reviewed_at": "2023-02-07T00:04:08Z", "nvd_published_at": "2017-07-20T23:29:00Z", "severity": "HIGH" }, "details": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.\n### Specific Go Packages Affected\ngithub.com/docker/distribution/registry/storage\ngithub.com/docker/distribution/registry/handlers", "id": "GHSA-h62f-wm92-2cmw", "modified": "2023-10-02T16:14:52Z", "published": "2022-05-13T01:16:08Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11468" }, { "type": "WEB", "url": "https://github.com/distribution/distribution/pull/2340" }, { "type": "WEB", "url": "https://github.com/docker/distribution/pull/2340" }, { "type": "WEB", "url": "https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "type": "PACKAGE", "url": "https://github.com/distribution/distribution" }, { "type": "WEB", "url": "https://github.com/docker/distribution/releases/tag/v2.6.2" }, { "type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2021-0072" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Docker Registry has Allocation of Resources Without Limits or Throttling" }
suse-su-2018:0865-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for docker-distribution", "title": "Title of the patch" }, { "category": "description", "text": "This update for docker-distribution fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2017-11468: Fixed a denial of service (memory consumption) via the manifest endpoint (bsc#1049850).\n\nBug fixes:\n\n- bsc#1083474: docker-distirbution-registry overwrites configuration file with update.\n- bsc#1033172: Garbage collector needed - or kindly release docker-distribution-registry in Version 2.4.\n- Add SuSEfirewall2 service file for TCP port 5000.\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-Module-Containers-12-2018-582", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0865-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2018:0865-1", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180865-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2018:0865-1", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2018-April/003866.html" }, { "category": "self", "summary": "SUSE Bug 1033172", "url": "https://bugzilla.suse.com/1033172" }, { "category": "self", "summary": "SUSE Bug 1049850", "url": "https://bugzilla.suse.com/1049850" }, { "category": "self", "summary": "SUSE Bug 1083474", "url": "https://bugzilla.suse.com/1083474" }, { "category": "self", "summary": "SUSE CVE CVE-2017-11468 page", "url": "https://www.suse.com/security/cve/CVE-2017-11468/" } ], "title": "Security update for docker-distribution", "tracking": { "current_release_date": "2018-04-03T16:42:58Z", "generator": { "date": "2018-04-03T16:42:58Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2018:0865-1", "initial_release_date": "2018-04-03T16:42:58Z", "revision_history": [ { "date": "2018-04-03T16:42:58Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "docker-distribution-registry-2.6.2-13.6.1.x86_64", "product": { "name": "docker-distribution-registry-2.6.2-13.6.1.x86_64", "product_id": "docker-distribution-registry-2.6.2-13.6.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Containers 12", "product": { "name": "SUSE Linux Enterprise Module for Containers 12", "product_id": "SUSE Linux Enterprise Module for Containers 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-containers:12" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "docker-distribution-registry-2.6.2-13.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", "product_id": "SUSE Linux Enterprise 
Module for Containers 12:docker-distribution-registry-2.6.2-13.6.1.x86_64" }, "product_reference": "docker-distribution-registry-2.6.2-13.6.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-11468", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-11468" } ], "notes": [ { "category": "general", "text": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Containers 12:docker-distribution-registry-2.6.2-13.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-11468", "url": "https://www.suse.com/security/cve/CVE-2017-11468" }, { "category": "external", "summary": "SUSE Bug 1049850 for CVE-2017-11468", "url": "https://bugzilla.suse.com/1049850" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Containers 12:docker-distribution-registry-2.6.2-13.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Containers 12:docker-distribution-registry-2.6.2-13.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-04-03T16:42:58Z", "details": "moderate" } ], "title": "CVE-2017-11468" } ] }
fkie_cve-2017-11468
Vulnerability from fkie_nvd
Source | URL | Tags
---|---|---
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html | Broken Link
cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2603 | Third Party Advisory
cve@mitre.org | https://github.com/docker/distribution/pull/2340 | Third Party Advisory
cve@mitre.org | https://github.com/docker/distribution/releases/tag/v2.6.2 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2603 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/docker/distribution/pull/2340 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/docker/distribution/releases/tag/v2.6.2 | Release Notes, Third Party Advisory
Vendor | Product | Version
---|---|---
docker | docker_registry | *
redhat | enterprise_linux_server | 7.0
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:docker:docker_registry:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CD9E095-2771-4013-B1EB-B00CE7C9CB89", "versionEndIncluding": "2.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint." }, { "lang": "es", "value": "Docker Registry anterior a versi\u00f3n 2.6.2 en Docker Distribution, no restringe apropiadamente la cantidad de contenido aceptado por un usuario, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) por medio un endpoint manifest." 
} ], "id": "CVE-2017-11468", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-20T23:29:00.187", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2603" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/docker/distribution/pull/2340" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/docker/distribution/releases/tag/v2.6.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://access.redhat.com/errata/RHSA-2017:2603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/docker/distribution/pull/2340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/docker/distribution/releases/tag/v2.6.2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Sightings
Author | Source | Type | Date
---|---|---|---
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.