Описание
Moby Docker cp broken with debian containers
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-14271
- https://github.com/moby/moby/issues/39449
- https://github.com/moby/moby/pull/39612
- https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545
- https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b
- https://docs.docker.com/engine/release-notes
- https://seclists.org/bugtraq/2019/Sep/21
- https://security.netapp.com/advisory/ntap-20190828-0003
- https://www.debian.org/security/2019/dsa-4521
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
Пакеты
github.com/docker/docker
>= 19.03.0, < 19.03.1
19.03.1
EPSS
9.3 Critical
CVSS4
9.8 Critical
CVSS3
CVE ID
Дефекты
Связанные уязвимости
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka ...
Уязвимость средства автоматизации развёртывания и управления приложениями в средах с поддержкой контейнеризации Docker, связанная с ошибками управления генерацией кода, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании
EPSS
9.3 Critical
CVSS4
9.8 Critical
CVSS3