CVE-2019-14271 — Improper Initialization in Docker Docker

CWE-665 — Improper Initialization CWE-94 — Code Injection CWE-426 — Untrusted Search Path14 documents9 sources

Severity

9.8CRITICALNVD

EPSS

72.2%

top 1.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Docker Docker Github.com Moby Moby Docker +2 more

Timeline

PublishedJul 29

Latest updateJun 28

Description

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDdocker/docker19.03 — 19.03.1

▶Gogithub.com/docker_docker19.03.0 — 19.03.1+1

▶Gogithub.com/moby_moby< 20.10.0-beta1+incompatible

▶NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

Moby Docker cp broken with debian containers in github.com/docker/docker↗2024-06-28

▶

GHSA

Moby Docker cp broken with debian containers↗2022-05-24

▶

OSV

Moby Docker cp broken with debian containers↗2022-05-24

▶

CVEList

CVE-2019-14271: In Docker 19↗2019-07-29

▶

OSV

CVE-2019-14271: In Docker 19↗2019-07-29

▶

📋Vendor Advisories

Red Hat

docker: nsswitch based config loaded inside chroot under Glibc↗2019-07-30

▶

Debian

CVE-2019-14271: docker.io - In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), c...↗2019

▶

🕵️Threat Intelligence

Unit42

Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271↗2019-11-19

▶

Unit42

Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271↗2019-11-19

▶

💬Community

Bugzilla

CVE-2019-14271 docker: nsswitch based config loaded inside chroot under Glibc [fedora-all]↗2019-08-30

▶

Bugzilla

CVE-2019-14271 docker: nsswitch based config loaded inside chroot under Glibc↗2019-08-30

▶

Bugzilla

CVE-2019-14271 docker: nsswitch based config loaded inside chroot under Glibc [openstack-rdo]↗2019-08-30

▶