CVE-2016-6595: Docker vulnerability

CWE-399 | 7 documents | 5 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.6% (top 29.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 4
Latest update: May 17

Description

The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret to

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: docker/docker 1.12.0

🔴 Vulnerability Details (1)

GHSA: GHSA-669g-g3v8-296m: ** DISPUTED ** The SwarmKit toolkit 1 (2022-05-17)

📋 Vendor Advisories (2)

Red Hat: docker: DoS via repeatedly joining and quitting swarm cluster as a node (2016-07-29)
Debian: CVE-2016-6595: docker.io - The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to caus... (2016)

💬 Community (3)

Bugzilla: CVE-2016-6595 docker: DoS via repeatedly joining and quitting swarm cluster as a node (2016-08-04)
Bugzilla: CVE-2016-6595 docker: DoS via repeatedly joining and quitting swarm cluster as a node [fedora-all] (2016-08-04)
Bugzilla: CVE-2016-6595 docker: DoS via repeatedly joining and quitting swarm cluster as a node [epel-6] (2016-08-04)