CVE-2017-14992

EPSS 0.18%
Published 01.11.2017 17:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Docker ≫ Docker SwEditioncommunity Version <= 1.10.3

Docker ≫ Docker Version1.12.6-0 SwEditioncommunity

Docker ≫ Docker Version17.03.0 SwEditioncommunity

Docker ≫ Docker Version17.03.1 SwEditioncommunity

Docker ≫ Docker Version17.03.2 SwEditioncommunity

Docker ≫ Docker Version17.06.0 SwEditioncommunity

Docker ≫ Docker Version17.06.1 SwEditioncommunity

Docker ≫ Docker Version17.06.2 SwEditioncommunity

Docker ≫ Docker Version17.09.0 SwEditioncommunity

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.4

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/

Third Party Advisory

URL Repurposed

https://github.com/moby/moby/issues/35075

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-14992

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14992

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14992

EUVD