CGA-3jqx-m5x7-q8mq

Published

Last updated

https://images.chainguard.dev/security/CGA-3jqx-m5x7-q8mq

Package

docker-machine-driver-harvester

RepositoryWolfi

Latest Update

Pending upstream fix

Aliases

CVE-2021-21285
GHSA-6fj5-m822-rqx8

Severity

Unknown

Summary

moby docker daemon crash during image pull of malicious image

Description

Impact

Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon.

Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

Credits

Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-21285
https://github.com/advisories/GHSA-6fj5-m822-rqx8
https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
https://docs.docker.com/engine/release-notes/#20103
https://github.com/moby/moby/releases/tag/v19.03.15
https://github.com/moby/moby/releases/tag/v20.10.3
https://security.gentoo.org/glsa/202107-23
https://security.netapp.com/advisory/ntap-20210226-0005
https://www.debian.org/security/2021/dsa-4865

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-3jqx-m5x7-q8mq

Severity

Summary

Description

Impact

Patches

Credits

References

Updates

Products

Why Chainguard

Customers

Company

Resources