CVE-2014-9358Improper Input Validation in Docker Docker

CWE-20Improper Input ValidationCWE-59Link Following12 documents8 sources
Severity
6.4MEDIUMNVD
EPSS
0.4%
top 42.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Docker DockerDocker
Timeline
PublishedDec 16
Latest updateAug 21

Description

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

NVDdocker/docker1.3.2

🔴Vulnerability Details

5
OSV
Directory Traversal in Docker in github.com/docker/docker2024-08-21
OSV
Directory Traversal in Docker2022-02-15
GHSA
Directory Traversal in Docker2022-02-15
OSV
CVE-2014-9358: Docker before 12014-12-16
CVEList
CVE-2014-9358: Docker before 12014-12-16

📋Vendor Advisories

3
Microsoft
CVE-2014-9358: NIST NVD Details: https://nvd2021-07-13
Red Hat
docker: Path traversal and spoofing opportunities presented through image identifiers2014-12-11
Debian
CVE-2014-9358: docker.io - Docker before 1.3.3 does not properly validate image IDs, which allows remote at...2014

💬Community

3
Bugzilla
CVE-2014-9357 CVE-2014-9356 CVE-2014-9358 docker-io: various flaws [epel-6]2014-12-11
Bugzilla
CVE-2014-9357 CVE-2014-9356 CVE-2014-9358 docker-io: various flaws [fedora-all]2014-12-11
Bugzilla
CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers2014-12-10
CVE-2014-9358 — Improper Input Validation | cvebase