cbcvebase.
CVE-2014-9357
published 2014-12-16

CVE-2014-9357: Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz)…

PriorityP261critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
6.45%
92.9th percentile
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

Affected

3 ranges
VendorProductVersion rangeFixed in
debiandocker.io< docker.io 1.3.3~dfsg1-1 (bookworm)docker.io 1.3.3~dfsg1-1 (bookworm)
dockerdocker
github.comdocker_docker>= 0 < 1.3.31.3.3

Detection & IOCsextracted from sources · hover to see the quote

  • Flag Docker pull or build operations that unpack LZMA (.xz) archives, especially where the chroot environment for extraction may be escaped. Monitor for unexpected root-level process execution spawned from Docker image extraction workflows.
  • Only Docker 1.3.2 is vulnerable. Identify hosts running Docker 1.3.2 as a priority for investigation and patching.
  • ·The vulnerability is specific to Docker 1.3.2 only; the chroot-for-archive-extraction feature introduced in that version is the root cause. Docker 1.3.3 and later are not affected.
  • ·Red Hat notes this flaw is not known to be exploitable under any supported scenario when untrusted images are not used, but still recommends upgrading.

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.