x/vulndb: potential Go vuln in github.com/docker/engine: CVE-2018-20699 #2219

tatianab · 2023-11-08T22:02:41Z

CVE-2018-20699 references github.com/docker/engine, which may be a Go module.

Description:
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

References:

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/docker/engine
      vulnerable_at: 1.13.1
      packages:
        - package: n/a
cves:
    - CVE-2018-20699
references:
    - fix: https://github.com/docker/engine/pull/70
    - fix: https://github.com/moby/moby/pull/37967
    - web: https://access.redhat.com/errata/RHSA-2019:0487

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-11-08T22:29:00Z

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports

tatianab added the excluded: LEGACY_FALSE_POSITIVE (DO NOT USE) Vulnerability marked as false positive before we introduced the triage process label Nov 8, 2023

gopherbot closed this as completed in 497caf9 Nov 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/docker/engine: CVE-2018-20699 #2219

x/vulndb: potential Go vuln in github.com/docker/engine: CVE-2018-20699 #2219

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023

x/vulndb: potential Go vuln in github.com/docker/engine: CVE-2018-20699 #2219

x/vulndb: potential Go vuln in github.com/docker/engine: CVE-2018-20699 #2219

Comments

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023