Moby
CVE-2024-36621
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
AnalysisAI
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-362. moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion. Affected products include: Mobyproject Moby.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Moby is an open source container framework developed by Docker Inc. Rated high severity (CVSS 8.7), this vulnerability i
Moby is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerability
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger mult
An issue was discovered in Docker Moby before 17.06.0. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
Moby) is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerabilit
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. Rated medium severi
Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),
Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),
Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames,
Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severi
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium se
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today