CVE-2017-14992

Published Nov 1, 2017

Last updated 9 months ago

CVSS medium 6.5

Overview

Description: Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE591C14-3685-468F-82F6-66D8C8345A44",
            "versionEndIncluding": "1.10.3"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8C5AD32-AF7A-434D-A60A-E2EF8A696D52"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57021B99-94F4-40BD-9E2F-BD27904C98A2"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45128BF6-D780-42F3-8C1C-57D037616A64"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A15C4D3-3DBE-4C6B-89B9-9BDA6B8645FB"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47671AEE-DE9E-4BC4-99B2-C3356DCEE8B0"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCFBF621-562E-4CC6-9F56-BB764B9DAD40"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAA1799F-F848-47BF-99D8-87E0A142DBAB"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCA8B266-883A-482E-B756-1F0F8A4BFF46"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References