CVE-2017-14992

medium

Description

Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

References

https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/

https://github.com/moby/moby/issues/35075

Details

Source: MITRE

Published: 2017-11-01

Updated: 2017-11-22

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 143962 | NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Multiple Vulnerabilities (NS-SA-2020-0082) | Nessus | NewStart CGSL Local Security Checks | high |
| 121984 | Photon OS 2.0: Docker PHSA-2018-2.0-0086 | Nessus | PhotonOS Local Security Checks | high |
| 121785 | Photon OS 1.0: Docker PHSA-2017-1.0-0095 | Nessus | PhotonOS Local Security Checks | critical |
| 121488 | Fedora 28 : 2:docker-latest (2019-723711c645) | Nessus | Fedora Local Security Checks | medium |
| 112224 | Photon OS 2.0: Docker / Python2 / Strongswan PHSA-2018-2.0-0086 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111904 | Photon OS 1.0: Binutils / Curl / Docker / Linux / Rpm PHSA-2017-1.0-0095 (deprecated) | Nessus | PhotonOS Local Security Checks | critical |
| 106705 | openSUSE Security Update : docker / docker-runc / containerd / etc (openSUSE-2018-152) | Nessus | SuSE Local Security Checks | medium |
| 106168 | Amazon Linux AMI : docker (ALAS-2018-941) | Nessus | Amazon Linux Local Security Checks | medium |
| 105127 | Fedora 26 : 2:docker (2017-3976710f1e) | Nessus | Fedora Local Security Checks | medium |