CVE-2024-36621

CWE-362Race Condition11 documents8 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 83.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Moby/mobyMobyproject Moby
Timeline
PublishedNov 29
Latest updateMay 1

Description

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Gogithub.com/moby/moby< 26.0.0+1
NVDmobyproject/moby25.0.5
Debiandocker.io< 26.1.4+dfsg1-9+1

Patches

Patch: github.com

🔴Vulnerability Details

6
OSV
docker.io vulnerabilities2025-05-01
OSV
Moby Race Condition vulnerability in github.com/moby/moby2024-12-04
CVEList
CVE-2024-36621: moby v252024-11-29
OSV
Moby Race Condition vulnerability2024-11-29
OSV
CVE-2024-36621: moby v252024-11-29

📋Vendor Advisories

4
Ubuntu
Docker vulnerabilities2025-05-01
Red Hat
moby: Race Condition in Moby's Snapshot Layer Handling2024-11-29
Microsoft
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulti2024-11-12
Debian
CVE-2024-36621: docker.io - moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/sn...2024
CVE-2024-36621 (MEDIUM CVSS 6.5) | moby v25.0.5 is affected by a Race | cvebase.io