CVE-2024-36623

CWE-362Race Condition11 documents8 sources
Severity
8.1HIGH
EPSS
0.1%
top 83.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Moby/mobyMobyproject Moby
Timeline
PublishedNov 29
Latest updateMay 1

Description

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

Gogithub.com/moby/moby< 25.0.4+1
NVDmobyproject/moby25.0.3
Debiandocker.io< 26.1.4+dfsg1-9+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

6
OSV
docker.io vulnerabilities2025-05-01
OSV
Moby Race Condition vulnerability in github.com/moby/moby2024-12-04
CVEList
CVE-2024-36623: moby through v252024-11-29
OSV
CVE-2024-36623: moby through v252024-11-29
GHSA
Moby Race Condition vulnerability2024-11-29

📋Vendor Advisories

4
Ubuntu
Docker vulnerabilities2025-05-01
Red Hat
moby: Race Condition in Moby's streamformatter Package2024-11-29
Microsoft
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application cra2024-11-12
Debian
CVE-2024-36623: docker.io - moby through v25.0.3 has a Race Condition vulnerability in the streamformatter p...2024
CVE-2024-36623 (HIGH CVSS 8.1) | moby through v25.0.3 has a Race Con | cvebase.io