PT-2021-3316 · Red Hat · Openshift Container Platform

Published: 2020-04-28 · Updated: 2021-06-10 · CVE-2020-1702

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: containers-image versions prior to 5.2.0

Description: A malicious container image can cause uncontrolled memory consumption when being pulled to a container runtime host. This can lead to a denial-of-service condition, where an attacker tricks a user with privileges to pull container images into crashing the process responsible for pulling the image. The issue affects Red Hat Enterprise Linux using podman and OpenShift Container Platform.

Recommendations: For containers-image versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to pull container images to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2020:1650
BDU:2021-03094
CESA-2020_1650
CVE-2020-1702
RHSA-2020:1227
RHSA-2020:1234
RHSA-2020:1650
RHSA-2020:1937
RHSA-2020:2116
RHSA-2020:2218
RHSA-2020:2681
RHSA-2020_1650
RLSA-2020:1650

Affected Products

Almalinux
Centos
Openshift Container Platform
Red Hat
Rocky Linux