Closed
Description
CVE-2018-20699 references github.com/docker/engine, which may be a Go module.
Description:
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
References:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2018-20699
- fix: [18.09] backport fix denial of service with large numbers in cpuset-cpus and cpuset-mems docker-archive/engine#70
- fix: Fix denial of service with large numbers in cpuset-cpus and cpuset-mems moby/moby#37967
- web: https://access.redhat.com/errata/RHSA-2019:0487
- Imported by: https://pkg.go.dev/github.com/docker/engine?tab=importedby
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/docker/engine
vulnerable_at: 1.13.1
packages:
- package: n/a
cves:
- CVE-2018-20699
references:
- fix: https://github.com/docker/engine/pull/70
- fix: https://github.com/moby/moby/pull/37967
- web: https://access.redhat.com/errata/RHSA-2019:0487