PT-2020-3631 · Docker+2 · Docker Engine+3

Etienne Champetier

·

Published

2020-06-02

·

Updated

2026-05-18

·

CVE-2020-13401

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Docker Engine versions prior to 19.03.11
Description The issue is related to a lack of input validation in the CAP NET RAW component of Docker Engine, which can be exploited by a remote attacker to gain access to sensitive information, compromise data integrity, and cause a denial of service. An attacker with the CAP NET RAW capability in a container can craft IPv6 router advertisements to spoof external IPv6 hosts.
Recommendations For Docker Engine versions prior to 19.03.11, update to version 19.03.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CAP NET RAW capability in containers to minimize the risk of exploitation.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2020-2124
ALT-PU-2020-2125
ALT-PU-2020-2986
ALT-PU-2020-2987
ALT-PU-2020-3028
ALT-PU-2020-3029
BDU:2020-03978
CLEANSTART-2026-BK59402
CLEANSTART-2026-BN11148
CLEANSTART-2026-GY69323
CLEANSTART-2026-HI89495
CLEANSTART-2026-HL71566
CLEANSTART-2026-JD48541
CLEANSTART-2026-OS18490
CLEANSTART-2026-SB85645
CLEANSTART-2026-SP51034
CLEANSTART-2026-TD34476
CLEANSTART-2026-XL45869
CLEANSTART-2026-YB44027
CLEANSTART-2026-ZM20570
CVE-2020-13401
DSA-4716-1
GHSA-QRRC-WW9X-R43G
MGASA-2020-0279
OPENSUSE-SU-2020:0846-1
OPENSUSE-SU-2020_0846-1
OPENSUSE-SU-2024:10722-1
OPENSUSE-SU-2025:15589-1
SUSE-SU-2020:1657-1
SUSE-SU-2020:1657-2
SUSE-SU-2020:1664-1
SUSE-SU-2020_1657-1
SUSE-SU-2020_1657-2
SUSE-SU-2020_1664-1
SUSE-SU-2025:03540-1
SUSE-SU-2025:03545-1

Affected Products

Alt Linux
Docker
Docker Engine
Suse