Описание
A flaw was found in the /v2/_catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: n). This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 2.8.2+ds1-1build1 |
| esm-apps/bionic | released | 2.6.2~ds1-1ubuntu0.1~esm1 |
| esm-apps/focal | released | 2.7.1+ds2-7ubuntu0.3 |
| esm-apps/jammy | released | 2.8.0+ds1-4ubuntu0.1~esm2 |
| esm-apps/noble | not-affected | 2.8.2+ds1-1build1 |
| esm-apps/xenial | released | 2.3.0~ds1-1ubuntu0.1~esm1 |
| focal | released | 2.7.1+ds2-7ubuntu0.3 |
| jammy | needed | |
| kinetic | ignored | end of life, was needs-triage |
Показывать по
Ссылки на источники
6.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
A flaw was found in the `/v2/_catalog` endpoint in distribution/distri ...
6.5 Medium
CVSS3