CVE-2024-32473

Severity: 6.5 MEDIUM
EPSS: 0.1% (top 73.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 18 | Latest update Jun 5

Description

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. A container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, (1) Containers may be able to communicate with other host

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.0 | Impact: 3.6

Affected Packages (4 packages)

Go | github.com/docker/docker | 26.0.0 | 26.0.2 | +1
Debian | docker.io | < 26.1.4+dfsg1-9 | +1
NVD | mobyproject/moby | 26.0.0 | 26.0.2
CVEListV5 | moby/moby | >= 26.0.0, < 26.0.2

Patches

🔴 Vulnerability Details (5)

OSV | IPv6 enabled on IPv4-only network interfaces in github.com/docker/docker | 2024-06-05
OSV | CVE-2024-32473: Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or r | 2024-04-18
GHSA | IPv6 enabled on IPv4-only network interfaces | 2024-04-18
CVEList | Moby IPv6 enabled on IPv4-only network interfaces | 2024-04-18
OSV | IPv6 enabled on IPv4-only network interfaces | 2024-04-18

📋 Vendor Advisories (2)

Red Hat | moby: IPv6 enabled on IPv4-only network interfaces | 2024-04-18
Debian | CVE-2024-32473: docker.io - Moby is an open source container framework that is a key component of Docker Eng... | 2024