exploitDog

CVE-2020-1702

Published: 20 Jan 2020
Source: redhat
CVSS3: 3.5
EPSS: Low

Description

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | container-tools:1.0/buildah | Fix deferred | | |
| Red Hat Enterprise Linux 8 | container-tools:1.0/podman | Fix deferred | | |
| Red Hat Enterprise Linux 8 | container-tools:1.0/skopeo | Fix deferred | | |
| Red Hat Enterprise Linux 8 | container-tools:2.0/buildah | Affected | | |
| Red Hat Enterprise Linux 8 | container-tools:2.0/podman | Affected | | |
| Red Hat Enterprise Linux 8 | container-tools:2.0/skopeo | Affected | | |
| Red Hat Enterprise Linux 7 Extras | podman | Fixed | RHSA-2020:1227 | 01.04.2020 |
| Red Hat Enterprise Linux 7 Extras | docker | Fixed | RHSA-2020:1234 | 01.04.2020 |
| Red Hat Enterprise Linux 7 Extras | buildah | Fixed | RHSA-2020:2116 | 12.05.2020 |
| Red Hat Enterprise Linux 7 Extras | skopeo | Fixed | RHSA-2020:2681 | 23.06.2020 |

Additional information

Status: Low
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1792796 containers/image: Container images read entire image manifest into memory

EPSS

Percentile: 42%
0.00195
Low

CVSS3

3.5 Low

Related vulnerabilities

CVSS3: 3.3
nvd
about 4 years ago

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.

github
about 3 years ago

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.

oracle-oval
almost 5 years ago

ELSA-2020-2681: skopeo security and bug fix update (LOW)

CVSS3: 3.3
fstec
about 4 years ago

A vulnerability in the podman package of the Red Hat Enterprise Linux operating system and the Red Hat OpenShift Container Platform enterprise platform, related to uncontrolled resource consumption, that allows an attacker to cause a denial of service

rocky
about 5 years ago

Moderate: container-tools:rhel8 security, bug fix, and enhancement update
