AZL-53813

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53813.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-53813

Upstream

CVE-2024-36621

Published

2024-11-29T18:15:07Z

Modified

2026-04-01T05:16:36.580405Z

Summary

CVE-2024-36621 affecting package moby-engine for versions less than 24.0.9-13

Details

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-36621

Affected packages

Azure Linux:2 / moby-engine

Package

Name: moby-engine
Purl: pkg:rpm/azure-linux/moby-engine

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.0.9-13

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53813.json"