CVE-2017-11468
Description
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.442
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2017:2603) Low: docker-distribution security, bug fix, and enhancement update docker-distribution-2.6.2-1.git48294d9.el7.x86_64.rpm | Linux |
| Docker toolset to pack, ship, store, and deliver content (USN-6336-1) docker-registry_2.7.1+ds2-7ubuntu0.3_amd64.deb | Linux |
| Docker toolset to pack, ship, store, and deliver content (USN-6336-1) docker-registry_2.8.1+ds1-2ubuntu1.1_amd64.deb | Linux |
| Docker toolset to pack, ship, store, and deliver content (USN-6336-1) docker-registry_2.3.0~ds1-1_i386.deb | Linux |
| Docker toolset to pack, ship, store, and deliver content (USN-6336-1) docker-registry_2.3.0~ds1-1_amd64.deb | Linux |
| Docker toolset to pack, ship, store, and deliver content (USN-6336-1) docker-registry_2.6.2~ds1-1_i386.deb | Linux |
| Docker toolset to pack, ship, store, and deliver content (USN-6336-1) docker-registry_2.6.2~ds1-1_amd64.deb | Linux |
| Docker toolset to pack, ship, store, and deliver content (USN-6336-1) docker-registry_2.8.0+ds1-4_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234