Docker docker:18.09.1-dind

Vulnerabilities

 3 via 10 paths

Dependencies

 38

Source

 Group 6 Copy Created with Sketch. Docker

Target OS

 alpine:3.8.2
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 1
  • 2
Status
  • 3
  • 0
  • 0

high severity

Out-of-bounds Write

  • Vulnerable module: musl/musl
  • Introduced through: musl/musl@1.1.19-r10 and musl/musl-utils@1.1.19-r10
  • Fixed in: 1.1.19-r11

Detailed paths

  • Introduced through: docker:18.09.1-dind@* musl/musl@1.1.19-r10
  • Introduced through: docker:18.09.1-dind@* musl/musl-utils@1.1.19-r10

Overview

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.

References

Out-of-bounds Write vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: e2fsprogs/e2fsprogs
  • Introduced through: e2fsprogs/e2fsprogs@1.44.2-r0, e2fsprogs/e2fsprogs-extra@1.44.2-r0 and others
  • Fixed in: 1.44.2-r1

Detailed paths

  • Introduced through: docker:18.09.1-dind@* e2fsprogs/e2fsprogs@1.44.2-r0
  • Introduced through: docker:18.09.1-dind@* e2fsprogs/e2fsprogs-extra@1.44.2-r0
  • Introduced through: docker:18.09.1-dind@* e2fsprogs/e2fsprogs-libs@1.44.2-r0
  • Introduced through: docker:18.09.1-dind@* e2fsprogs/libcom_err@1.44.2-r0

Overview

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

References

Out-of-bounds Write vulnerability report

medium severity

Out-of-bounds Write

  • Vulnerable module: e2fsprogs/e2fsprogs
  • Introduced through: e2fsprogs/e2fsprogs@1.44.2-r0, e2fsprogs/e2fsprogs-extra@1.44.2-r0 and others
  • Fixed in: 1.44.2-r2

Detailed paths

  • Introduced through: docker:18.09.1-dind@* e2fsprogs/e2fsprogs@1.44.2-r0
  • Introduced through: docker:18.09.1-dind@* e2fsprogs/e2fsprogs-extra@1.44.2-r0
  • Introduced through: docker:18.09.1-dind@* e2fsprogs/e2fsprogs-libs@1.44.2-r0
  • Introduced through: docker:18.09.1-dind@* e2fsprogs/libcom_err@1.44.2-r0

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Remediation

Upgrade e2fsprogs to version or higher.

References

Out-of-bounds Write vulnerability report