CVE-2020-27534

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-27534

Severity

Unknown

Description

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

References

https://images.chainguard.dev/security/CGA-3m6r-4f9x-77mh
https://github.com/advisories/GHSA-6hwg-w5jg-9c6x
https://images.chainguard.dev/security/CGA-r9gh-4c9m-fm8g
https://images.chainguard.dev/security/CGA-757p-6hmf-7jxq
https://images.chainguard.dev/security/CGA-8vh4-qc29-cxjw
http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes/
https://github.com/moby/buildkit/pull/1462
https://github.com/moby/moby/pull/40877
https://golang.org/pkg/io/ioutil/#TempDir
https://golang.org/pkg/os/#TempDir

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2020-27534

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources