CVE-2014-9356

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:P

Name of the Vulnerable Software and Affected Versions Docker versions prior to 1.3.3

Description The issue allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an image or build in a Dockerfile. This is achieved by exploiting a path traversal vulnerability.

Recommendations For Docker versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of symlinks in images and builds to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2014-9356

GHSA-VJ3F-3286-R4PF

GO-2022-0751

OPENSUSE-SU-2024:10532-1

OPENSUSE-SU-2025:15589-1

RHSA-2015:0623

SUSE-SU-2015_0082-1

SUSE-SU-2025:03540-1

SUSE-SU-2025:03545-1

Affected Products

Docker

Suse

CVE-2014-9356

Weakness Enumeration

Related Identifiers

Affected Products

References · 268