CVE-2021-21285
Description
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.168
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows |
| docker.io security update(DSA-4865-1) docker.io_18.09.1+dfsg1-7.1+deb10u3_i386.deb | Linux |
| docker.io security update(DSA-4865-1) docker.io_18.09.1+dfsg1-7.1+deb10u3_amd64.deb | Linux |
| SUSE-SU-2021:0435-1(SUSE Linux Enterprise Module for Containers 15-SP3 ) docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2021:0435-1(SUSE Linux Enterprise Module for Containers 15-SP3 ) docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3.x86_64_15_SP3.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234