CVE-2017-14992

Published: 01/11/2017 Updated: 14/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and previous versions allows a remote malicious user to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

Vulnerable Product

docker docker

docker docker 1.12.6-0

docker docker 17.03.0

docker docker 17.03.1

docker docker 17.03.2

docker docker 17.06.0

docker docker 17.06.1

docker docker 17.06.2

docker docker 17.09.0

Vendor Advisories

Debian Bug report logs - #908055 docker.io: CVE-2017-14992
Package: docker.io; Maintainer for docker.io is Dmitry Smirnov <onlyjob@debian.org>; Source for docker.io is src:docker.io
Reported by: Antoine Beaupre <anarcat@orangeseeds.org>
Date: Wed, 5 Sep 2018 14:36:05 UTC
Severity: grave
Tags: ...
Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing (CVE-2017-14992) ...

Github Repositories

WorldFirst (Public) Docker API Exploit - My security researches involving Docker and Openshift

dockerevil A simple repository to store my security flaws in the docker technology 2016 - 2017 Docker API Privilege Escalation(LPE/RPE) Escalate from Offline Server/Minimal Images/Build from TAR Dockerfile Docker SUDO Privilege Escalation (PoC) Nmap Scripts 2019 CodeStudent1995 Based Exploit OpenShift Privilege Escalation(oc) Other awesome security flaws found in the do