Skip to main content

Moby CVE-2024-36621

MEDIUM
Race Condition (CWE-362)
2024-11-29 cve@mitre.org
6.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 29, 2024 - 18:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

AnalysisAI

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-362. moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion. Affected products include: Mobyproject Moby.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Moby

View all
CVE-2023-28840 HIGH POC
8.7 Apr 04

Moby is an open source container framework developed by Docker Inc. Rated high severity (CVSS 8.7), this vulnerability i

CVE-2023-28841 MEDIUM POC
6.8 Apr 04

Moby is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerability

CVE-2024-36623 HIGH
8.1 Nov 29

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger mult

CVE-2018-12608 HIGH
7.5 Sep 10

An issue was discovered in Docker Moby before 17.06.0. Rated high severity (CVSS 7.5), this vulnerability is remotely ex

CVE-2023-28842 MEDIUM
6.8 Apr 04

Moby) is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerabilit

CVE-2024-36620 MEDIUM
6.5 Nov 29

moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. Rated medium severi

CVE-2022-36109 MEDIUM
6.3 Sep 09

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),

CVE-2021-41091 MEDIUM
6.3 Oct 04

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),

CVE-2021-41089 MEDIUM
6.3 Oct 04

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),

CVE-2017-16539 MEDIUM
5.9 Nov 04

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames,

CVE-2022-24769 MEDIUM
5.9 Mar 24

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severi

CVE-2022-27652 MEDIUM
5.3 Apr 18

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium se

Share

CVE-2024-36621 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy