Medium severity6.5NVD Advisory· Published Nov 1, 2017· Updated Jun 17, 2026
CVE-2017-14992
CVE-2017-14992
Description
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/vbatts/tar-splitGo | < 0.10.2 | 0.10.2 |
Affected products
39cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*+ 8 more
- cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*
- cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*
- cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*
- cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*
- cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*
- cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*
- cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*
- cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*
- cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*range: <=1.10.3
- ghsa-coords30 versionspkg:golang/github.com/vbatts/tar-splitpkg:rpm/opensuse/docker&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/docker-stable&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/docker-stable&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/skopeo&distro=openSUSE%20Tumbleweedpkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/containerd&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/docker-runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker-runc&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/docker-stable&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP6pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP7pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20OpenStack%20Cloud%206
< 0.10.2+ 29 more
- (no CPE)range: < 0.10.2
- (no CPE)range: < 20.10.6_ce-2.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-15.1
- (no CPE)range: < 0.0.20250424T181457-1.1
- (no CPE)range: < 1.2.3-1.2
- (no CPE)range: < 0.2.9+gitr706_06b9cb351610-16.8.1
- (no CPE)range: < 0.2.9+gitr706_06b9cb351610-16.8.1
- (no CPE)range: < 17.09.1_ce-98.8.1
- (no CPE)range: < 17.09.1_ce-98.8.1
- (no CPE)range: < 1.0.0rc4+gitr3338_3f2f8b84a77f-1.3.1
- (no CPE)range: < 1.0.0rc4+gitr3338_3f2f8b84a77f-1.3.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-1.20.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-150000.1.25.1
- (no CPE)range: < 24.0.9_ce-1.20.1
- (no CPE)range: < 0.7.0.1+gitr2066_7b2b1feb1de4-10.1
- (no CPE)range: < 0.7.0.1+gitr2066_7b2b1feb1de4-10.1
Patches
Vulnerability mechanics
References
7- blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/nvdThird Party AdvisoryURL Repurposed
- github.com/advisories/GHSA-hqwh-8xv9-42hwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-14992ghsaADVISORY
- github.com/moby/moby/issues/35075nvdIssue TrackingWEB
- github.com/vbatts/tar-split/pull/42ghsaWEB
- github.com/vbatts/tar-split/releases/tag/v0.10.2ghsaWEB
- web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992ghsaWEB
News mentions
0No linked articles in our index yet.