Medium severity 6.5 · NVD Advisory · Published Nov 1, 2017 · Updated May 13, 2026
CVE-2017-14992
Description
Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/vbatts/tar-split (Go) | < 0.10.2 | 0.10.2 |
References
- blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/ (NVD: Third Party Advisory, URL Repurposed)
- github.com/advisories/GHSA-hqwh-8xv9-42hw (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-14992 (GHSA: Advisory)
- github.com/moby/moby/issues/35075 (NVD: Issue Tracking, Web)
- github.com/vbatts/tar-split/pull/42 (GHSA: Web)
- github.com/vbatts/tar-split/releases/tag/v0.10.2 (GHSA: Web)
- web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992 (GHSA: Web)