CVE-2020-1702
Description
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.
Risk Information
Base Score
3.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.169
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:1227) podman security, bug fix, and enhancement update podman-1.6.4-16.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:1227) podman security, bug fix, and enhancement update podman-docker-1.6.4-16.el7_8.noarch.rpm | Linux |
| (RHSA-2020:1234) docker security and bug fix update docker-1.13.1-161.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:1234) docker security and bug fix update docker-client-1.13.1-161.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:1234) docker security and bug fix update docker-common-1.13.1-161.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:1234) docker security and bug fix update docker-logrotate-1.13.1-161.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:1234) docker security and bug fix update docker-lvm-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:1234) docker security and bug fix update docker-novolume-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:1234) docker security and bug fix update docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:1234) docker security and bug fix update docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2116) buildah security and bug fix update buildah-1.11.6-11.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2681) skopeo security and bug fix update containers-common-0.1.40-11.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2681) skopeo security and bug fix update skopeo-0.1.40-11.el7_8.x86_64.rpm | Linux |
| Aardvark-dns update (ELSA-2023-6939) aardvark-dns-1.7.0-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Buildah update (ELSA-2023-6939) buildah-1.31.3-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Buildah-tests update (ELSA-2023-6939) buildah-tests-1.31.3-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Cockpit-podman update (ELSA-2023-6939) cockpit-podman-75-1.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| Conmon update (ELSA-2023-6939) conmon-2.1.8-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Container-selinux update (ELSA-2023-6939) container-selinux-2.221.0-1.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| Containernetworking-plugins update (ELSA-2023-6939) containernetworking-plugins-1.3.0-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Containers-common update (ELSA-2023-6939) containers-common-1-54.0.1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Crit update (ELSA-2023-6939) crit-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Criu update (ELSA-2023-6939) criu-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Criu-devel update (ELSA-2023-6939) criu-devel-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Criu-libs update (ELSA-2023-6939) criu-libs-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Crun update (ELSA-2023-6939) crun-1.8.7-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Fuse-overlayfs update (ELSA-2023-6939) fuse-overlayfs-1.12-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Libslirp update (ELSA-2023-6939) libslirp-4.4.0-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Libslirp-devel update (ELSA-2023-6939) libslirp-devel-4.4.0-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Netavark update (ELSA-2023-6939) netavark-1.7.0-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Oci-seccomp-bpf-hook update (ELSA-2023-6939) oci-seccomp-bpf-hook-1.2.9-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman update (ELSA-2023-6939) podman-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-catatonit update (ELSA-2023-6939) podman-catatonit-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-docker update (ELSA-2023-6939) podman-docker-4.6.1-4.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| Podman-gvproxy update (ELSA-2023-6939) podman-gvproxy-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-plugins update (ELSA-2023-6939) podman-plugins-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-remote update (ELSA-2023-6939) podman-remote-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Podman-tests update (ELSA-2023-6939) podman-tests-4.6.1-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Python3-criu update (ELSA-2023-6939) python3-criu-3.18-4.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Python3-podman update (ELSA-2023-6939) python3-podman-4.6.0-1.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| Runc update (ELSA-2023-6939) runc-1.1.9-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Skopeo update (ELSA-2023-6939) skopeo-1.13.3-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Skopeo-tests update (ELSA-2023-6939) skopeo-tests-1.13.3-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Slirp4netns update (ELSA-2023-6939) slirp4netns-1.2.1-1.module+el8.9.0+90021+ce997450.x86_64.rpm | Linux |
| Udica update (ELSA-2023-6939) udica-0.2.6-20.module+el8.9.0+90021+ce997450.noarch.rpm | Linux |
| container-tools:rhel8 security, bug fix, and enhancement update (RLSA-2020:1650) toolbox-0.0.7-1.module+el8.5.0+770+e2f49861.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234