Skip to main content

Moby CVE-2024-36623

HIGH
Race Condition (CWE-362)
2024-11-29 cve@mitre.org
8.1
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 29, 2024 - 18:15 cve.org
HIGH 8.1

DescriptionCVE.org

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

AnalysisAI

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-362. moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. Affected products include: Mobyproject Moby.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Moby

View all
CVE-2023-28840 HIGH POC
8.7 Apr 04

Moby is an open source container framework developed by Docker Inc. Rated high severity (CVSS 8.7), this vulnerability i

CVE-2023-28841 MEDIUM POC
6.8 Apr 04

Moby is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerability

CVE-2018-12608 HIGH
7.5 Sep 10

An issue was discovered in Docker Moby before 17.06.0. Rated high severity (CVSS 7.5), this vulnerability is remotely ex

CVE-2023-28842 MEDIUM
6.8 Apr 04

Moby) is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerabilit

CVE-2024-36621 MEDIUM
6.5 Nov 29

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. Rated medium severity (

CVE-2024-36620 MEDIUM
6.5 Nov 29

moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. Rated medium severi

CVE-2022-36109 MEDIUM
6.3 Sep 09

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),

CVE-2021-41091 MEDIUM
6.3 Oct 04

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),

CVE-2021-41089 MEDIUM
6.3 Oct 04

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3),

CVE-2017-16539 MEDIUM
5.9 Nov 04

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames,

CVE-2022-24769 MEDIUM
5.9 Mar 24

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severi

CVE-2022-27652 MEDIUM
5.3 Apr 18

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium se

Share

CVE-2024-36623 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy