Published: 12/01/2019 Updated: 14/03/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Docker Engine prior to 18.09 allows malicious users to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

Vulnerable Product	Search on Vulmon	Subscribe to Product
docker engine
redhat enterprise linux server 7.0

Docker Engine before 1809 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unixgo, pkg/parsers/parsersgo, and pkg/sysinfo/sysinfogo (CVE-2018-20699) A command injection flaw was discovered in Docker during the `docker build` comman ...

CWE-400 https://github.com/moby/moby/pull/37967 https://github.com/docker/engine/pull/70 https://access.redhat.com/errata/RHSA-2019:0487 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALASDOCKER-2021-003.html

CVE-2018-20699

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect