Docker docker:19-dind

Vulnerabilities

3 via 3 paths

Dependencies

50

Source

Docker

Target OS

alpine:3.13.5

high severity
new

NULL Pointer Dereference

  • Vulnerable module: krb5/krb5-libs
  • Introduced through: krb5/krb5-libs@1.18.3-r1
  • Fixed in: 1.18.4-r0

Detailed paths

  • Introduced through: docker:19-dind@* krb5/krb5-libs@1.18.3-r1

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5 package. See Remediation section below for Alpine:3.13 relevant versions.

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

Remediation

Upgrade Alpine:3.13 krb5 to version 1.18.4-r0 or higher.

low severity
new

CVE-2021-36159

  • Vulnerable module: apk-tools/apk-tools
  • Introduced through: apk-tools/apk-tools@2.12.5-r0
  • Fixed in: 2.12.6-r0

Detailed paths

  • Introduced through: docker:19-dind@* apk-tools/apk-tools@2.12.5-r0

NVD Description

Note: Versions mentioned in the description apply to the upstream apk-tools package. See Remediation section below for Alpine:3.13 relevant versions.

None

Remediation

Upgrade Alpine:3.13 apk-tools to version 2.12.6-r0 or higher.

low severity

CVE-2021-24032

  • Vulnerable module: zstd/zstd-libs
  • Introduced through: zstd/zstd-libs@1.4.5-r3
  • Fixed in: 1.4.9-r0

Detailed paths

  • Introduced through: docker:19-dind@* zstd/zstd-libs@1.4.5-r3

NVD Description

Note: Versions mentioned in the description apply to the upstream zstd package. See Remediation section below for Alpine:3.13 relevant versions.

None

Remediation

Upgrade Alpine:3.13 zstd to version 1.4.9-r0 or higher.