CVE-2024-36623

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: moby version 25.0.3

Description: The issue is related to a Race Condition in the streamformatter package, which can be exploited to trigger multiple concurrent write operations. This can result in data corruption or application crashes. The vulnerability can be used by a remote attacker to cause a denial of service.

Recommendations: For moby version 25.0.3, apply the available patch immediately to resolve the issue. As a temporary workaround, consider restricting access to the streamformatter package to minimize the risk of exploitation.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

AZL-53801

AZL-53804

AZL-53819

AZL-53824

AZL-53827

BDU:2024-10797

CVE-2024-36623

GHSA-GH5C-3H97-2F3Q

GO-2024-3305

OESA-2024-2507

OESA-2024-2526

OESA-2024-2527

OESA-2024-2555

OESA-2024-2556

OESA-2024-2557

OPENSUSE-SU-2024:14567-1

USN-7474-1

Affected Products

Astra Linux

Debian

Docker

Linuxmint

Red Os

Ubuntu

Moby

Streamformatter

CVE-2024-36623

Weakness Enumeration

Related Identifiers

Affected Products

References · 75