CVE-2018-1277 — Uncontrolled Resource Consumption in Garden-runc

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 33.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-deployment Cloudfoundry Garden-runc Cloud Foundry Garden-runc

Timeline

PublishedApr 30

Latest updateMay 14

Description

Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcloudfoundry/garden-runc< 1.13.0

▶CVEListV5cloud_foundry/garden-runc1.13.0

▶NVDcloudfoundry/cf-deployment< 1.28.0

🔴Vulnerability Details

GHSA

GHSA-932h-8mcc-v5m6: Cloud Foundry Garden-runC, versions prior to 1↗2022-05-14

▶

CVEList

CVE-2018-1277: Cloud Foundry Garden-runC, versions prior to 1↗2018-04-30

▶