Описание
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
A flaw was found in Moby. This vulnerability allows an attacker to cause a NULL pointer dereference, potentially leading to a denial of service via improper handling in the image history functionality.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Multicluster Engine for Kubernetes | multicluster-engine/agent-service-rhel8 | Affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-8-rhel8 | Affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-9-rhel9 | Affected | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-rhel8-operator | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Not affected | ||
| Red Hat Ceph Storage 5 | rhceph/rhceph-5-dashboard-rhel8 | Not affected | ||
| Red Hat Ceph Storage 6 | rhceph/rhceph-6-dashboard-rhel9 | Not affected | ||
| Red Hat Ceph Storage 7 | rhceph/grafana-rhel9 | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-console | Not affected | ||
| Red Hat OpenShift Container Platform 4.16 | openshift4/ose-agent-installer-api-server-rhel9 | Fixed | RHSA-2025:3301 | 03.04.2025 |
Показывать по
10
Ссылки на источники
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2329534github.com/moby/moby: NULL Pointer Dereference in Moby
6.5 Medium
CVSS3
6.5 Medium
CVSS3