High severity7.5NVD Advisory· Published Jul 20, 2017· Updated Jun 17, 2026
CVE-2017-11468
CVE-2017-11468
Description
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/docker/distributionGo | < 2.7.0-rc.0 | 2.7.0-rc.0 |
Affected products
7- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- ghsa-coords5 versionspkg:golang/github.com/docker/distributionpkg:rpm/opensuse/distribution-registry&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/docker-distribution-registry&distro=openSUSE%20Tumbleweedpkg:rpm/suse/docker-distribution&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker-distribution&distro=SUSE%20Package%20Hub%2015%20SP2
< 2.7.0-rc.0+ 4 more
- (no CPE)range: < 2.7.0-rc.0
- (no CPE)range: < 2.8.1-1.1
- (no CPE)range: < 2.7.1-7.2
- (no CPE)range: < 2.6.2-13.6.1
- (no CPE)range: < 2.7.1-bp152.4.3.1
Patches
Vulnerability mechanics
References
9- access.redhat.com/errata/RHSA-2017:2603nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-h62f-wm92-2cmwghsaADVISORY
- github.com/docker/distribution/pull/2340nvdThird Party AdvisoryWEB
- github.com/docker/distribution/releases/tag/v2.6.2nvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-11468ghsaADVISORY
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.htmlnvdBroken LinkWEB
- github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0fghsaWEB
- github.com/distribution/distribution/pull/2340ghsaWEB
- pkg.go.dev/vuln/GO-2021-0072ghsaWEB
News mentions
0No linked articles in our index yet.