CVE-2021-21285
published 2021-02-02CVE-2021-21285: In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | docker.io | < docker.io 20.10.3+dfsg1-1 (bookworm) | docker.io 20.10.3+dfsg1-1 (bookworm) |
| docker | docker | < 19.03.15 | 19.03.15 |
| docker | docker | >= 20.0.0 < 20.10.3 | 20.10.3 |
| github.com | moby_moby | >= 0 < 19.3.15 | 19.3.15 |
| github.com | moby_moby | >= 20.10.0-beta1 < 20.10.3 | 20.10.3 |
| moby | moby | < 19.03.15 | 19.03.15 |
| moby | moby | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_moby-buildx_0.4.1+azure-3_on_cbl_mariner_1.0 | — | — |
| msrc | cm1_moby-cli_19.03.15+azure-2_on_cbl_mariner_1.0 | — | — |
| msrc | cm1_moby-engine_19.03.15+azure-2_on_cbl_mariner_1.0 | — | — |
| netapp | e-series_santricity_os_controller | 11.0 – 11.60.3 | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM