rpm package
suse/docker-distribution&distro=SUSE Linux Enterprise Module for Containers 12
pkg:rpm/suse/docker-distribution&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2253 | — | < 2.6.2-13.9.1 | 2.6.2-13.9.1 | Jun 6, 2023 | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all | ||
| CVE-2017-11468 | Hig | 7.5 | < 2.6.2-13.6.1 | 2.6.2-13.6.1 | Jul 20, 2017 | Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. | |
| CVE-2017-8932 | Med | 5.9 | < 2.6.1-15.2 | 2.6.1-15.2 | Jul 6, 2017 | A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input |
- CVE-2023-2253Jun 6, 2023affected < 2.6.2-13.9.1fixed 2.6.2-13.9.1
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all
- affected < 2.6.2-13.6.1fixed 2.6.2-13.6.1
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
- affected < 2.6.1-15.2fixed 2.6.1-15.2
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input