30 matches found
CVE-2023-48795 affecting package moby-compose for versions less than 2.17.3-5
CVE-2023-48795 affecting package moby-compose for versions less than 2.17.3-5. A patched version of the package is available...
AZL-39325 CVE-2023-45288 affecting package moby-compose for versions less than 2.17.3-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-35583 CVE-2024-24786 affecting package moby-compose for versions less than 2.17.3-5
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-34081 CVE-2024-23653 affecting package moby-compose for versions less than 2.17.2-7
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
AZL-34080 CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...
AZL-32224 CVE-2023-48795 affecting package moby-compose for versions less than 2.17.3-5
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
CVE-2023-39325 affecting package moby-compose for versions less than 2.17.2-5
CVE-2023-39325 affecting package moby-compose for versions less than 2.17.2-5. A patched version of the package is available...
CVE-2023-44487 affecting package moby-compose for versions less than 2.17.2-5
CVE-2023-44487 affecting package moby-compose for versions less than 2.17.2-5. A patched version of the package is available...
AZL-31645 CVE-2023-39325 affecting package moby-compose for versions less than 2.17.2-5
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-31327 CVE-2023-44487 affecting package moby-compose for versions less than 2.17.2-5
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...