OESA-2024-2526

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.(CVE-2024-36621)

moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.(CVE-2024-36623)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / docker

Package

Name: docker
Purl: pkg:rpm/openEuler/docker&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

engine-18.09.0-270.oe2003sp4

Ecosystem specific

{
    "x86_64": [
        "docker-engine-18.09.0-270.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "docker-engine-18.09.0-270.oe2003sp4.src.rpm"
    ],
    "aarch64": [
        "docker-engine-18.09.0-270.oe2003sp4.aarch64.rpm"
    ]
}