CVE-2017-11468
First published: Thu Jul 20 2017(Updated: )
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/docker-registry | <2.3.0~ | 2.3.0~ |
| ubuntu/docker-registry | <2.6.2~ | 2.6.2~ |
| <=2.6.1 | ||
| =7.0 | ||
| Docker Docker Registry | <=2.6.1 | |
| Redhat Enterprise Linux Server | =7.0 | |
| redhat/docker-registry | <2.6.2 | 2.6.2 |
| go/github.com/docker/distribution | <2.7.0-rc.0 | 2.7.0-rc.0 |
| debian/docker-registry | 2.6.2~ds1-2 2.6.2~ds1-2+deb10u1 2.7.1+ds2-7+deb11u1 2.8.2+ds1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2017-11468
- https://github.com/docker/distribution/pull/2340
- https://access.redhat.com/errata/RHSA-2017:2603
- https://github.com/docker/distribution/releases/tag/v2.6.2
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html
- https://github.com/distribution/distribution/pull/2340
- https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f
- https://pkg.go.dev/vuln/GO-2021-0072
- https://github.com/advisories/GHSA-h62f-wm92-2cmw (Advisory)
- https://launchpad.net/bugs/cve/CVE-2017-11468
- https://github.com/docker/distribution/commit/29fa466debaabb64f8559116bbffd20a289d523c
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1474894
- https://bugzilla.redhat.com/show_bug.cgi?id=1474893
- https://security-tracker.debian.org/tracker/CVE-2017-11468
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11468
- https://ubuntu.com/security/notices/USN-6336-1
- https://ubuntu.com/security/CVE-2017-11468
Frequently Asked Questions
What is CVE-2017-11468?
CVE-2017-11468 is a vulnerability in Docker Registry before version 2.6.2 in Docker Distribution that allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
How severe is CVE-2017-11468?
CVE-2017-11468 has a severity rating of 7.5 out of 10, which is considered high.
How can I fix CVE-2017-11468?
To fix CVE-2017-11468, update Docker Registry to version 2.7.0-rc.0 or higher.
Where can I find more information about CVE-2017-11468?
You can find more information about CVE-2017-11468 at the following references: [GitHub Pull Request](https://github.com/docker/distribution/pull/2340), [GitHub Release](https://github.com/docker/distribution/releases/tag/v2.6.2), [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2017:2603).
What is the CWE ID for CVE-2017-11468?
The CWE ID for CVE-2017-11468 is 770.
- collector/github-advisory-latest
- alias/GHSA-h62f-wm92-2cmw
- alias/CVE-2017-11468
- collector/github-advisory
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- package-manager/go
- vendor/docker
- canonical/docker docker registry
- version/docker docker registry/2.6.1
- vendor/redhat
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- package-manager/debian
- package-manager/ubuntu
- package-manager/redhat