Description: Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Affected Packages: 3 packages

🔴 Vulnerability Details: 6
OSV | docker-registry vulnerabilities | 2023-09-05
OSV | Docker Registry has Allocation of Resources Without Limits or Throttling | 2022-05-13
GHSA | Docker Registry has Allocation of Resources Without Limits or Throttling | 2022-05-13
OSV | Uncontrolled resource allocation in github.com/docker/distribution | 2021-04-14
OSV | CVE-2017-11468: Docker Registry before 2 | 2017-07-20
(1 more not shown)

📋 Vendor Advisories: 3
Ubuntu | Docker Registry vulnerabilities | 2023-09-04
Red Hat | docker-distribution: Does not properly restrict the amount of content accepted from a user | 2017-07-07
Debian | CVE-2017-11468: docker-registry - Docker Registry before 2.6.2 in Docker Distribution does not properly restrict t... | 2017

💬 Community: 2
Bugzilla | CVE-2017-11468 docker-distribution: Does not properly restrict the amount of content accepted from a user [fedora-all] | 2017-07-25
Bugzilla | CVE-2017-11468 docker-distribution: Does not properly restrict the amount of content accepted from a user | 2017-07-25