CVE-2020-13401

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAPNETRAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

References

Affected packages

Git / github.com/docker-archive/docker-ce

Affected ranges

Type

GIT

Repo

https://github.com/docker-archive/docker-ce

Events

Introduced

Fixed

42e35e61f352e527082521280d5ea3761f0dee50

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "19.03.11"
        }
    ]
}

Affected versions

v19.*

v19.03.0

v19.03.0-beta1

v19.03.0-beta2

v19.03.0-beta3

v19.03.0-beta4

v19.03.0-beta5

v19.03.0-rc2

v19.03.0-rc3

v19.03.10

v19.03.2

v19.03.2-beta1

v19.03.2-rc1

v19.03.3

v19.03.3-beta1

v19.03.3-beta2

v19.03.3-rc1

v19.03.4

v19.03.4-rc1

v19.03.5

v19.03.5-beta1

v19.03.5-beta2

v19.03.5-rc1

v19.03.6

v19.03.6-rc1

v19.03.6-rc2

v19.03.7

v19.03.8

v19.03.9

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13401.json"