CVE-2021-21285
02.02.2021, 18:15
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.Enginsight
| Vendor | Product | Version |
|---|---|---|
| docker | docker | 𝑥 < 19.03.15 |
| docker | docker | 20.0.0 ≤ 𝑥 < 20.10.3 |
| debian | debian_linux | 10.0 |
| netapp | e-series_santricity_os_controller | 11.0 ≤ 𝑥 ≤ 11.60.3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| docker.io |
|
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-754 - Improper Check for Unusual or Exceptional ConditionsThe software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
References