PT-2017-8997 · Docker · Swarmkit+1

Published 2017-01-04 · Updated 2024-08-06 · CVE-2016-6595

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: SwarmKit toolkit version 1.12.0 for Docker

Description: The issue allows remote authenticated users to cause a denial of service, specifically the prevention of cluster joins, via a long sequence of join and quit actions. The vendor disputes this issue, stating that it is a resource provisioning problem rather than a security vulnerability: nodes are required to present a secret token, so an adversary cannot simply join nodes and exhaust manager resources. The vendor also notes that at some point the manager stops being able to accept new nodes because it runs out of memory, which it regards as a limitation of resource provisioning rather than a security flaw.

Recommendations: For SwarmKit toolkit version 1.12.0, monitor manager resource usage so that managers do not run out of memory, which stops them from accepting new nodes. As a temporary workaround, consider limiting the rate of join and quit actions per node so that repeated churn cannot exhaust manager resources. At the moment, there is no information about a newer version that contains a fix for this issue.
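The rate-limiting workaround above first needs a way to spot join/quit churn on the manager. The following Python sliding-window detector is an added example, not code from the advisory or from Docker/SwarmKit: it flags any node ID whose join/quit actions exceed a budget inside a time window. The event record, the sample events and the thresholds are constructed assumptions, not SwarmKit's real log format.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class NodeEvent:
    """One join/quit action seen by a manager (constructed format)."""
    ts: float       # seconds since epoch
    node_id: str    # identity the joining node presented
    action: str     # "join" or "quit"


class JoinChurnDetector:
    """Sliding-window counter of join/quit actions per node ID."""

    def __init__(self, window_s: float = 60.0, max_events: int = 10):
        self.window_s = window_s
        self.max_events = max_events
        self._seen: dict[str, deque] = {}

    def observe(self, ev: NodeEvent) -> bool:
        """Record one event (events must arrive in time order).

        Returns True when this node has now exceeded max_events
        join/quit actions within the last window_s seconds.
        """
        if ev.action not in ("join", "quit"):
            raise ValueError(f"unexpected action {ev.action!r}")
        q = self._seen.setdefault(ev.node_id, deque())
        q.append(ev.ts)
        # Drop timestamps that have aged out of the window.
        while q and ev.ts - q[0] > self.window_s:
            q.popleft()
        return len(q) > self.max_events


def churning_nodes(events, window_s=60.0, max_events=10) -> set:
    """Return the node IDs whose churn exceeded the budget at any point."""
    det = JoinChurnDetector(window_s, max_events)
    flagged = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if det.observe(ev):
            flagged.add(ev.node_id)
    return flagged


# Constructed sample: one steady node, one node that joins and quits
# every 2 seconds for 46 seconds (24 actions inside a 60 s window).
SAMPLE_EVENTS = [NodeEvent(0.0, "n-steady", "join")]
for i in range(12):
    SAMPLE_EVENTS.append(NodeEvent(10.0 + 4 * i, "n-churn", "join"))
    SAMPLE_EVENTS.append(NodeEvent(12.0 + 4 * i, "n-churn", "quit"))
```

Feeding the detector from the manager's real join/quit events (whatever their source) and rate-limiting or alerting on flagged node IDs implements the workaround the advisory describes.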

Fix

DoS

Weakness Enumeration

Related Identifiers: CVE-2016-6595

Affected Products: Docker, Swarmkit