Docker docker:18.09.1-rc1-dind

Vulnerabilities

4 via 11 paths

Dependencies

38

Source

Docker

Target OS

alpine:3.8.2
Severity
  • 1 high
  • 3 medium

high severity

Out-of-bounds Write

  • Vulnerable module: musl/musl
  • Introduced through: musl/musl@1.1.19-r10 and musl/musl-utils@1.1.19-r10
  • Fixed in: 1.1.19-r11

Detailed paths

  • Introduced through: docker:18.09.1-rc1-dind@* › musl/musl@1.1.19-r10
  • Introduced through: docker:18.09.1-rc1-dind@* › musl/musl-utils@1.1.19-r10

Overview

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance in its i386 math routines (the math/i386/ directory). In some cases, a program that calls one of those routines can end up performing out-of-bounds writes that are not present in its own source code, because the imbalance leaves the x87 register stack in a state the calling code does not expect. Only the i386 build of musl uses these routines; the finding is reported here on package version alone, and the flagged packages are musl and musl-utils at 1.1.19-r10.

Remediation

Upgrade musl to version 1.1.19-r11 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: e2fsprogs/e2fsprogs
  • Introduced through: e2fsprogs/e2fsprogs@1.44.2-r0, e2fsprogs/e2fsprogs-extra@1.44.2-r0 and others
  • Fixed in: 1.44.2-r1

Detailed paths

  • Introduced through: docker:18.09.1-rc1-dind@* › e2fsprogs/e2fsprogs@1.44.2-r0
  • Introduced through: docker:18.09.1-rc1-dind@* › e2fsprogs/e2fsprogs-extra@1.44.2-r0
  • Introduced through: docker:18.09.1-rc1-dind@* › e2fsprogs/e2fsprogs-libs@1.44.2-r0
  • Introduced through: docker:18.09.1-rc1-dind@* › e2fsprogs/libcom_err@1.44.2-r0

Overview

A heap out-of-bounds write exists in the quota file handling of e2fsprogs (reported against 1.45.3; the Alpine package at 1.44.2-r0 is flagged as affected). A specially crafted ext4 filesystem triggers the out-of-bounds write when e2fsck processes its quota file, which can lead to code execution in the e2fsck process. The attacker only needs to supply a corrupted partition or filesystem image that the tool will check, so the exposure is limited to hosts or containers that run e2fsck against attacker-controlled storage.

Remediation

Upgrade e2fsprogs to version 1.44.2-r1 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: e2fsprogs/e2fsprogs
  • Introduced through: e2fsprogs/e2fsprogs@1.44.2-r0, e2fsprogs/e2fsprogs-extra@1.44.2-r0 and others
  • Fixed in: 1.44.2-r2

Detailed paths

  • Introduced through: docker:18.09.1-rc1-dind@* › e2fsprogs/e2fsprogs@1.44.2-r0
  • Introduced through: docker:18.09.1-rc1-dind@* › e2fsprogs/e2fsprogs-extra@1.44.2-r0
  • Introduced through: docker:18.09.1-rc1-dind@* › e2fsprogs/e2fsprogs-libs@1.44.2-r0
  • Introduced through: docker:18.09.1-rc1-dind@* › e2fsprogs/libcom_err@1.44.2-r0

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. A code execution vulnerability exists in the directory rehashing functionality of e2fsck (reported against e2fsprogs 1.45.4; the Alpine package at 1.44.2-r0 is flagged as affected). A specially crafted ext4 directory causes an out-of-bounds write on the stack while e2fsck rebuilds the directory's hash index, which can lead to code execution in the e2fsck process. As with the quota-file issue above, the attacker has to get a corrupted partition or filesystem image in front of e2fsck, so the exposure is limited to hosts or containers that run e2fsck against attacker-controlled storage.

Remediation

Upgrade e2fsprogs to version 1.44.2-r2 or higher. This release also includes the quota-file fix from 1.44.2-r1, so a single upgrade closes both e2fsprogs findings.

medium severity

Reachable Assertion

  • Vulnerable module: krb5/krb5-libs
  • Introduced through: krb5/krb5-libs@1.15.3-r0
  • Fixed in: 1.15.4-r0

Detailed paths

  • Introduced through: docker:18.09.1-rc1-dind@* › krb5/krb5-libs@1.15.3-r0

Overview

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. Note the scope: the assertion is reached only by a running KDC processing an S4U2Self request, and krb5-libs is the only krb5 package in this image, so no KDC is installed. The finding reflects the package version rather than an exposed service; patch it for hygiene, but it does not add to the image's attack surface on its own.

Remediation

Upgrade krb5-libs to version 1.15.4-r0 or higher.
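The four findings above are all "package version below fixed-in version" checks, so they can be re-run against any build of this image without the scanner. The script below is an added example, not Snyk's or Docker's code: it parses `apk info -v` output, compares each flagged package with the fixed-in version quoted in this report (using a simplified version ordering, not apk's full one), and lists the open paths. The sample package list is constructed from the versions shown in the report rather than captured from the image, and the script file name in the usage note is an assumption.

```python
"""Check an Alpine package list against the fixed-in versions from this report.

Reads `apk info -v` output (one `name-version-rN` line per installed
package) and reports which of the four findings above are still open.
"""
import re
import sys
from typing import Dict, List, Tuple

# Findings as listed in the report: (title, packages flagged, fixed-in version).
# Every subpackage built from one Alpine source package shares its version,
# so one fixed-in version covers all of the subpackages.
FINDINGS: List[Tuple[str, List[str], str]] = [
    ("musl: x87 stack adjustment imbalance (OOB write, high)",
     ["musl", "musl-utils"], "1.1.19-r11"),
    ("e2fsprogs: quota file OOB write on the heap (medium)",
     ["e2fsprogs", "e2fsprogs-extra", "e2fsprogs-libs", "libcom_err"], "1.44.2-r1"),
    ("e2fsprogs: directory rehash OOB write on the stack (medium)",
     ["e2fsprogs", "e2fsprogs-extra", "e2fsprogs-libs", "libcom_err"], "1.44.2-r2"),
    ("krb5: reachable assertion in the KDC on S4U2Self (medium)",
     ["krb5-libs"], "1.15.4-r0"),
]

# Constructed sample of `apk info -v` output using the versions the report
# flags, plus one unrelated package; not captured from the real image.
SAMPLE_APK_INFO = """\
musl-1.1.19-r10
alpine-baselayout-3.1.0-r0
musl-utils-1.1.19-r10
e2fsprogs-1.44.2-r0
e2fsprogs-extra-1.44.2-r0
e2fsprogs-libs-1.44.2-r0
libcom_err-1.44.2-r0
krb5-libs-1.15.3-r0
"""

# Alpine package names do not contain a hyphen followed by a digit, so the
# version starts at the first such hyphen: "musl-utils-1.1.19-r10".
_PKG_LINE = re.compile(r"^(?P<name>.+?)-(?P<version>\d.*)$")


def version_key(version: str):
    """Sortable key for 'X.Y.Z-rN'.

    Numeric components compare as integers, anything else as a string that
    sorts after integers; the -rN package release is the final tiebreaker.
    This is enough for the dotted versions in this report but is not a full
    reimplementation of apk's ordering (use `apk version -t` for odd suffixes).
    """
    base, _, release = version.partition("-r")
    parts = []
    for tok in re.split(r"[._]", base):
        parts.append((0, int(tok)) if tok.isdigit() else (1, tok))
    return tuple(parts), (int(release) if release.isdigit() else -1)


def parse_apk_info(text: str) -> Dict[str, str]:
    """Parse `apk info -v` output into {package: version}."""
    installed: Dict[str, str] = {}
    for line in text.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:  # skip blank lines and apk warnings
            installed[m.group("name")] = m.group("version")
    return installed


def open_findings(installed: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Return (title, package, installed_version, fixed_in) per open path.

    One entry per (finding, package) pair, which is what the report counts
    as a path: every flagged package still below the fixed-in version.
    """
    result = []
    for title, packages, fixed_in in FINDINGS:
        for pkg in packages:
            version = installed.get(pkg)
            if version is not None and version_key(version) < version_key(fixed_in):
                result.append((title, pkg, version, fixed_in))
    return result


def main() -> int:
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_APK_INFO
    paths = open_findings(parse_apk_info(text))
    for title, pkg, version, fixed_in in paths:
        print(f"OPEN  {pkg}@{version} < {fixed_in}  {title}")
    print(f"{len({p[0] for p in paths})} findings via {len(paths)} paths")
    return 1 if paths else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it against the real image with `docker run --rm docker:18.09.1-rc1-dind apk info -v | python3 apk_check.py` (the dind entrypoint execs any command that is not dockerd). On the constructed sample it reports 4 findings via 11 paths, matching the report's summary; after `apk upgrade --no-cache musl musl-utils e2fsprogs krb5-libs` to the fixed-in versions it reports none. The one deliberate simplification is the version ordering: it is exact for the numeric `X.Y.Z-rN` versions in this report, and `apk version -t A B` is the reference for anything more exotic.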