Описание
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | kubernetes | Not affected | ||
| Red Hat Enterprise Linux 7 Extras | docker-distribution | Fixed | RHSA-2017:2603 | 05.09.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
Docker Registry before 2.6.2 in Docker Distribution does not properly ...
EPSS
5.3 Medium
CVSS3