N4Ss

**Name of the Vulnerable Software and Affected Versions** Docker-CE (Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier **Description** The issue is related to a lack of content verification, allowing a remote attacker to cause a Denial of Service via a crafted image layer payload, also known as gzip bombing. **Recommendations** For Docker-CE (Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.