PT-2017-12034 · Docker+3 · Docker Registry+3

Stephen J Day

+1

·

Publicado

2017-07-20

·

Atualizado

2024-06-15

·

CVE-2017-11468

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Docker Registry versions prior to 2.6.2
Description The issue allows remote attackers to cause a denial of service due to memory consumption. This is achieved via the "manifest endpoint". Various storage methods do not impose limits on the amount of content accepted from user requests, enabling a malicious user to force the caller to allocate an arbitrary amount of memory.
Recommendations For Docker Registry versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the manifest endpoint to minimize the risk of exploitation.

Correção

DoS

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

CVE-2017-11468
GHSA-H62F-WM92-2CMW
GO-2021-0072
OPENSUSE-SU-2020:1433-1
OPENSUSE-SU-2024:10723-1
OPENSUSE-SU-2024:12135-1
RHSA-2017:2603
SUSE-SU-2018:0865-1
SUSE-SU-2018_0865-1
USN-6336-1

Produtos afetados

Docker Registry
Linuxmint
Suse
Ubuntu