CVE-2017-11468

Impact:
Low
Public Date:
2017-07-07
CWE:
CWE-770
Bugzilla:
1474893: CVE-2017-11468 docker-distribution: Does not properly restrict the amount of content accepted from a user
It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service.

Find out more about CVE-2017-11468 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.3
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 Extras (docker-distribution) RHSA-2017:2603 2017-09-05

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 kubernetes Not affected

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.