CVE-2020-14300

CWE-273 CWE-2716 documents6 sources

Severity

8.8HIGH

EPSS

0.3%

top 49.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Docker Docker Redhat Enterprise Linux Server

Timeline

PublishedJul 13

Latest updateMay 24

Description

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116).…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

▶NVDredhat/enterprise_linux_server7.0

▶CVEListV5dockerversion 1.13.1-108.git4ef4b30 shipped in Red Hat Enterprise Linux 7

▶NVDdocker/docker1.13.1

🔴Vulnerability Details

GHSA

GHSA-26mh-fmrh-48w9: The docker packages version docker-1↗2022-05-24

▶

CVEList

CVE-2020-14300: The docker packages version docker-1↗2020-07-13

▶

📋Vendor Advisories

Red Hat

docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc↗2020-06-23

▶

Debian

CVE-2020-14300: docker.io - The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red...↗2020

▶

💬Community

Bugzilla

CVE-2020-14300 docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc↗2020-06-19

▶