Moderate severityNVD Advisory· Published Dec 30, 2020· Updated Aug 4, 2024
CVE-2020-27534
CVE-2020-27534
Description
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/moby/mobyGo | < 19.03.9 | 19.03.9 |
github.com/docker/dockerGo | < 19.03.9 | 19.03.9 |
Affected products
41- Docker Engine/Docker Enginedescription
- osv-coords40 versionspkg:apk/chainguard/dockerpkg:apk/chainguard/docker-config-mirror-gcrpkg:apk/chainguard/dockerdpkg:apk/chainguard/docker-dindpkg:apk/chainguard/docker-dind-compatpkg:apk/chainguard/dockerd-oci-entrypointpkg:apk/chainguard/dockerd-servicepkg:apk/chainguard/docker-initpkg:apk/chainguard/docker-machine-driver-harvesterpkg:apk/chainguard/docker-modprobe-compatpkg:apk/chainguard/docker-oci-entrypointpkg:apk/chainguard/docker-rootlesspkg:apk/chainguard/py3.10-dockerpkg:apk/chainguard/py3.11-dockerpkg:apk/chainguard/py3.12-dockerpkg:apk/chainguard/py3.13-dockerpkg:apk/chainguard/py3-dockerpkg:apk/chainguard/py3-supported-dockerpkg:apk/chainguard/rancher-machinepkg:apk/wolfi/dockerpkg:apk/wolfi/docker-config-mirror-gcrpkg:apk/wolfi/dockerdpkg:apk/wolfi/docker-dindpkg:apk/wolfi/docker-dind-compatpkg:apk/wolfi/dockerd-oci-entrypointpkg:apk/wolfi/dockerd-servicepkg:apk/wolfi/docker-initpkg:apk/wolfi/docker-machine-driver-harvesterpkg:apk/wolfi/docker-modprobe-compatpkg:apk/wolfi/docker-oci-entrypointpkg:apk/wolfi/docker-rootlesspkg:apk/wolfi/py3.10-dockerpkg:apk/wolfi/py3.11-dockerpkg:apk/wolfi/py3.12-dockerpkg:apk/wolfi/py3.13-dockerpkg:apk/wolfi/py3-dockerpkg:apk/wolfi/py3-supported-dockerpkg:apk/wolfi/rancher-machinepkg:golang/github.com/docker/dockerpkg:golang/github.com/moby/moby
< 0+ 39 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.0.5-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.15.0.137-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.0.5-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.15.0.137-r0
- (no CPE)range: < 19.03.9
- (no CPE)range: < 19.03.9
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-6hwg-w5jg-9c6xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-27534ghsaADVISORY
- web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notesghsaWEB
- web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes/mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgighsaWEB
- github.com/moby/buildkit/pull/1462ghsax_refsource_MISCWEB
- github.com/moby/moby/pull/40877ghsax_refsource_MISCWEB
- golang.org/pkg/io/ioutil/mitrex_refsource_MISC
- golang.org/pkg/os/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.