CVE-2017-11468: Allocation of Resources Without Limits or Throttling
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
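The mitigation for this class of flaw is to cap how many bytes a handler will buffer from the request body. The Go sketch below is an added example, not code from Docker Distribution; the handler name, the 4 MiB limit and the repository path are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumed cap for this example; not a value taken from the advisory.
const maxManifestBody = 4 << 20

var errTooLarge = errors.New("manifest body exceeds limit")

// readBounded never buffers more than limit+1 bytes, whatever the client sends.
func readBounded(r *http.Request, limit int64) ([]byte, error) {
	if r.ContentLength > limit { // declared size already too big: reject early
		return nil, errTooLarge
	}
	// Chunked uploads report ContentLength -1, so the read itself must be capped.
	body, err := io.ReadAll(io.LimitReader(r.Body, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(body)) > limit {
		return nil, errTooLarge
	}
	return body, nil
}

// putManifest is a hypothetical manifest upload handler using the bounded read.
func putManifest(w http.ResponseWriter, r *http.Request) {
	body, err := readBounded(r, maxManifestBody)
	if errors.Is(err, errTooLarge) {
		http.Error(w, "manifest too large", http.StatusRequestEntityTooLarge)
		return
	} else if err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusCreated)
	fmt.Fprintf(w, "%d bytes accepted", len(body))
}

// statusFor sends a constructed PUT of size bytes and returns the HTTP status.
func statusFor(size int, chunked bool) int {
	req := httptest.NewRequest(http.MethodPut, "/v2/example/manifests/latest",
		strings.NewReader(strings.Repeat("a", size)))
	if chunked {
		req.ContentLength = -1 // simulate a body with no declared length
	}
	rec := httptest.NewRecorder()
	putManifest(rec, req)
	return rec.Code
}
```

Checking both the declared `Content-Length` and the bytes actually read matters because a client can omit or understate the header.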
References
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html
- access.redhat.com/errata/RHSA-2017:2603
- github.com/advisories/GHSA-h62f-wm92-2cmw
- github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f
- github.com/distribution/distribution/pull/2340
- github.com/docker/distribution/pull/2340
- github.com/docker/distribution/releases/tag/v2.6.2
- nvd.nist.gov/vuln/detail/CVE-2017-11468
- pkg.go.dev/vuln/GO-2021-0072