CVE-2017-14992

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-14992

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14992.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-14992

Related

Published

2017-11-01T17:29:00Z

Modified

2025-02-14T10:14:59.058509Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

References

Affected packages

Debian:11 / docker.io

Package

Name: docker.io
Purl: pkg:deb/debian/docker.io?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.03.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / docker.io

Package

Name: docker.io
Purl: pkg:deb/debian/docker.io?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.03.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / docker.io

Package

Name: docker.io
Purl: pkg:deb/debian/docker.io?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.03.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / golang-github-vbatts-tar-split

Package

Name: golang-github-vbatts-tar-split
Purl: pkg:deb/debian/golang-github-vbatts-tar-split?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-github-vbatts-tar-split

Package

Name: golang-github-vbatts-tar-split
Purl: pkg:deb/debian/golang-github-vbatts-tar-split?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-github-vbatts-tar-split

Package

Name: golang-github-vbatts-tar-split
Purl: pkg:deb/debian/golang-github-vbatts-tar-split?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/docker/docker

Affected ranges

Type: GIT
Repo: https://github.com/docker/docker
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

20f81dde9bd97c86b2d0e33bbbf1388018611929

Last affected

5f70730d579a1c9d48a2d4259f57fb698960baf4

Last affected

60ccb2265b0574d6c1c1090876a1d1ab32bed60e

Last affected

91437e70a02d6292a9e706378df34a67d5f7371e

Last affected

9ae42ade4abd3cf2c57c475c2e800bb3a1a62158

Last affected

9c5bb024df387b67bb07251265394b87c18014e4

Last affected

c6d412e329c85f32a4b2269b49aaa0794affcf88

Last affected

f5ec1e2936dcbe7b5001c2b817188b095c700c27

Type: GIT
Repo: https://github.com/docker/docker-ce
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

02c1d876176546b5f069dae758d6a7d2ead6bd48

Last affected

874a7374f31c77aca693d025101b2de1b20b96c2

Last affected

afdb6d44a80f777069885a9ee0e0f86cf841b1bb

Last affected

cec0b72a9940e047e945a09e1febd781e88366d6

Affected versions

0.*

0.0.3

Other

autorun/1

docs-v1.*

docs-v1.12.0-rc4-2016-07-15

upstream/0.*

upstream/0.1.1

upstream/0.1.2

upstream/0.1.3

upstream/0.1.4

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.10.0

v0.11.0

v0.11.1

v0.12.0

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.7.0

v0.7.0-rc5

v0.7.0-rc6

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.8.0

v0.8.1

v0.9.0

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.13.0

v1.13.0-rc1

v1.13.0-rc2

v1.13.0-rc3

v1.13.0-rc4

v1.13.0-rc5

v1.13.0-rc6

v1.13.0-rc7

v1.13.1

v1.13.1-rc1

v1.13.1-rc2

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.4.0

v1.4.1

v17.*

v17.03.0-ce

v17.03.0-ce-rc1

v17.06.0-ce

v17.06.0-ce-rc1

v17.06.0-ce-rc2

v17.06.0-ce-rc3

v17.06.0-ce-rc4

v17.06.0-ce-rc5

v17.09.0-ce

v17.09.0-ce-rc1

v17.09.0-ce-rc2

v17.09.0-ce-rc3