Skip to main content

Moby CVE-2024-36620

MEDIUM
NULL Pointer Dereference (CWE-476)
2024-11-29 cve@mitre.org
6.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 29, 2024 - 18:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.

AnalysisAI

moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. Affected products include: Mobyproject Moby.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

More in Moby

View all
CVE-2023-28840 HIGH POC
8.7 Apr 04

Moby is an open source container framework developed by Docker Inc. Rated high severity (CVSS 8.7), this vulnerability i

CVE-2023-28841 MEDIUM POC
6.8 Apr 04

Moby is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerability

CVE-2024-36623 HIGH
8.1 Nov 29

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger mult

CVE-2018-12608 HIGH
7.5 Sep 10

An issue was discovered in Docker Moby before 17.06.0. Rated high severity (CVSS 7.5), this vulnerability is remotely ex

CVE-2023-28842 MEDIUM
6.8 Apr 04

Moby) is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerabilit

CVE-2024-36621 MEDIUM
6.5 Nov 29

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. Rated medium severity (

CVE-2022-36109 MEDIUM
6.3 Sep 09

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),

CVE-2021-41091 MEDIUM
6.3 Oct 04

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),

CVE-2021-41089 MEDIUM
6.3 Oct 04

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),

CVE-2017-16539 MEDIUM
5.9 Nov 04

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames,

CVE-2022-24769 MEDIUM
5.9 Mar 24

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severi

CVE-2022-27652 MEDIUM
5.3 Apr 18

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium se

Share

CVE-2024-36620 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy