Security Advisories

CGA-f36g-7w73-75hj

Published

Last updated

https://images.chainguard.dev/security/CGA-f36g-7w73-75hj

Package

py3-docker

Latest Update

Not affected

Aliases

CVE-2021-21285
GHSA-6fj5-m822-rqx8

Severity

6.5

Medium

CVSS V3

Summary

moby docker daemon crash during image pull of malicious image

Description

Impact

Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon.

Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

Credits

Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-21285
https://github.com/advisories/GHSA-6fj5-m822-rqx8
https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
https://docs.docker.com/engine/release-notes/#20103
https://github.com/moby/moby/releases/tag/v19.03.15
https://github.com/moby/moby/releases/tag/v20.10.3
https://security.gentoo.org/glsa/202107-23
https://security.netapp.com/advisory/ntap-20210226-0005
https://www.debian.org/security/2021/dsa-4865

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-f36g-7w73-75hj

Severity

Summary

Description

Impact

Patches

Credits

References

Updates

Product

Why Chainguard

Customers

Company

Resources