Описание
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
A flaw was found in Moby's builder-next snapshot layer management. This vulnerability allows attackers to trigger resource leaks or exhaustion via concurrent builds calling the EnsureLayer function.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Multicluster Engine for Kubernetes | multicluster-engine/agent-service-rhel8 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-8-rhel8 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-9-rhel9 | Not affected | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-rhel8-operator | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Not affected | ||
| Red Hat Ceph Storage 5 | rhceph/rhceph-5-dashboard-rhel8 | Not affected | ||
| Red Hat Ceph Storage 6 | rhceph/rhceph-6-dashboard-rhel9 | Not affected | ||
| Red Hat Ceph Storage 7 | rhceph/grafana-rhel9 | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-agent-installer-api-server-rhel8 | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-console | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
moby v25.0.5 is affected by a Race Condition in builder/builder-next/a ...
EPSS
5.3 Medium
CVSS3