CVE-2021-21285

 

Published at: - 02-02-2021 07:15

Last modified: - 25-10-2022 02:55

Total changes: - 8

Description

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://docs.docker.com/engine/release-notes/#20103
• https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
• https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
• https://github.com/moby/moby/releases/tag/v19.03.15
• https://github.com/moby/moby/releases/tag/v20.10.3
• https://security.netapp.com/advisory/ntap-20210226-0005/
• DSA-4865-Third Party Advisory
• GLSA-202107-23-Patch, Third Party Advisory

 

Keywords

NVD

 

CVE-2021-21285

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures