Moby
CVE-2024-36620
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
AnalysisAI
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. Affected products include: Mobyproject Moby.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
Moby is an open source container framework developed by Docker Inc. Rated high severity (CVSS 8.7), this vulnerability i
Moby is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerability
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger mult
An issue was discovered in Docker Moby before 17.06.0. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
Moby) is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerabilit
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. Rated medium severity (
Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),
Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),
Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames,
Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severi
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium se
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today