CVE-2014-9357: Improper Authorization in Docker Docker

Severity
10.0 CRITICAL (NVD)
EPSS
36.2%
top 2.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 16
Latest update: Aug 21

Description

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 2 packages

Vulnerability Details (5)

OSV
Arbitrary Code Execution in github.com/docker/docker (2024-08-21)
GHSA
Arbitrary Code Execution (2022-02-15)
OSV
Arbitrary Code Execution (2022-02-15)
OSV
CVE-2014-9357: Docker 1 (2014-12-16)
CVEList
CVE-2014-9357: Docker 1 (2014-12-16)

Vendor Advisories (2)

Red Hat
docker: Escalation of privileges during decompression of LZMA archives (2014-12-11)
Debian
CVE-2014-9357: docker.io - Docker 1.3.2 allows remote attackers to execute arbitrary code with root privile... (2014)

Community (3)

Bugzilla
CVE-2014-9357 CVE-2014-9356 CVE-2014-9358 docker-io: various flaws [epel-6] (2014-12-11)
Bugzilla
CVE-2014-9357 CVE-2014-9356 CVE-2014-9358 docker-io: various flaws [fedora-all] (2014-12-11)
Bugzilla
CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives (2014-12-10)