CVE-2024-36623

EUVD-2024-3403
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
mobyprojectmoby
𝑥
≤ 25.0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
docker.io
bookworm
no-dsa
bullseye
postponed
bullseye (security)
vulnerable
forky
27.5.1+dfsg4-1
fixed
sid
27.5.1+dfsg4-1
fixed
trixie
26.1.5+dfsg1-9
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
docker
Amazon Linux 2023
0:25.0.6-1.amzn2023.0.1
fixed
docker-debuginfo
Amazon Linux 2023
0:25.0.6-1.amzn2023.0.1
fixed
docker-debugsource
Amazon Linux 2023
0:25.0.6-1.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
docker-cli
Azure Linux 3.0
0:25.0.3-3.azl3
fixed
moby-cli
CBL-Mariner 2.0
0:24.0.9-5.cm2
fixed
moby-compose
CBL-Mariner 2.0
0:2.17.3-8.cm2
fixed
moby-engine
Azure Linux 3.0
0:25.0.3-8.azl3
fixed
CBL-Mariner 2.0
0:24.0.9-11.cm2
fixed