6.5

CVE-2021-21285

Docker daemon crash during image pull of malicious image

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DockerDocker Version < 19.03.15
DockerDocker Version >= 20.0.0 < 20.10.3
DebianDebian Linux Version10.0
NetappE-series Santricity Os Controller Version >= 11.0 <= 11.60.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.29% 0.869
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
security-advisories@github.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://www.debian.org/security/2021/dsa-4865
Third Party Advisory
https://docs.docker.com/engine/release-notes/#20103
Vendor Advisory
Release Notes
https://github.com/moby/moby/releases/tag/v19.03.15
Third Party Advisory
Release Notes
https://github.com/moby/moby/releases/tag/v20.10.3
Third Party Advisory
Release Notes
https://security.gentoo.org/glsa/202107-23
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210226-0005/
Third Party Advisory
https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
Patch
Third Party Advisory
https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
Third Party Advisory