Docker docker:19-dind-rootless

Vulnerabilities

2 via 2 paths

Dependencies

57

Source

Docker

Target OS

alpine:3.13.5

low severity
new

CVE-2021-36222

  • Vulnerable module: krb5/krb5-libs
  • Introduced through: krb5/krb5-libs@1.18.3-r1
  • Fixed in: 1.18.4-r0

Detailed paths

  • Introduced through: docker:19-dind-rootless@* › krb5/krb5-libs@1.18.3-r1

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5 package. See Remediation section below for Alpine:3.13 relevant versions.

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

Remediation

Upgrade Alpine:3.13 krb5 to version 1.18.4-r0 or higher.

low severity

CVE-2021-24032

  • Vulnerable module: zstd/zstd-libs
  • Introduced through: zstd/zstd-libs@1.4.5-r3
  • Fixed in: 1.4.9-r0

Detailed paths

  • Introduced through: docker:19-dind-rootless@* › zstd/zstd-libs@1.4.5-r3

NVD Description

Note: Versions mentioned in the description apply to the upstream zstd package. See Remediation section below for Alpine:3.13 relevant versions.

None

Remediation

Upgrade Alpine:3.13 zstd to version 1.4.9-r0 or higher.