CVE-2020-1702 — Uncontrolled Resource Consumption in Project Containers-image
Severity
3.3 LOW (NVD)
EPSS
0.2%
top 61.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 27
Latest update: May 24
Description
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Exploitability: 1.8 | Impact: 1.4
Affected Packages: 2 packages
Also affects: Enterprise Linux 8.0
Vulnerability Details (2)
GHSA
GHSA-f6vj-xx8j-fqmq: A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux (2022-05-24)
CVEList
CVE-2020-1702: A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux (2021-05-27)
Vendor Advisories (1)
Community (5)
Bugzilla
CVE-2020-1702 cri-o: containers/image: Container images read entire image manifest into memory [fedora-31] (2020-01-29)
Bugzilla
CVE-2020-1702 podman: containers/image: Container images read entire image manifest into memory [fedora-31] (2020-01-20)
Bugzilla
CVE-2020-1702 skopeo: containers/image: Container images read entire image manifest into memory [fedora-31] (2020-01-20)
Bugzilla
CVE-2020-1702 buildah: containers/image: Container images read entire image manifest into memory [fedora-31] (2020-01-20)