CVE-2017-14992
CVE-2017-14992 is a vulnerability of currently unknown severity. Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. EPSS estimates a 2.47% chance of exploitation in the next 30 days.
Description
Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Docker | Docker | <= 1.10.3 |
| Docker | Docker | 1.12.6-0 |
| Docker | Docker | 17.03.0 |
| Docker | Docker | 17.03.1 |
| Docker | Docker | 17.03.2 |
| Docker | Docker | 17.06.0 |
| Docker | Docker | 17.06.1 |
| Docker | Docker | 17.06.2 |
| Docker | Docker | 17.09.0 |
References
- https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/ (Third Party Advisory, URL Repurposed)
- https://github.com/moby/moby/issues/35075 (Issue Tracking)
Source: NVD / NIST
