VYPR
Get started
← All advisories
High severity7.8NVD Advisory· Published Nov 13, 2017· Updated May 13, 2026

CVE-2017-14388

CVE-2017-14388

Description

Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.

Affected products

27
  • Pivotal Software/Grootfs27 versions
    cpe:2.3:a:pivotal_software:grootfs:0.10.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:pivotal_software:grootfs:0.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.13.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.15.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.16.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.17.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.17.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.18.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.19.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.20.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.21.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.24.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.25.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.26.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.27.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.28.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.28.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.29.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:grootfs:0.9.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.