Lucene search
Hashim Jawad (@ihack4falafel)ZDI-22-1303HistorySep 29, 2022 - 12:00 a.m.
Docker Desktop Link Following Denial-of-Service Vulnerability
2022-09-2900:00:00
Hashim Jawad (@ihack4falafel)
www.zerodayinitiative.com
11
docker desktop
denial-of-service
vulnerability
local attackers
low-privileged code
symbolic link
service abuse
0.001 Low
EPSS
Percentile
47.0%
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Docker Desktop Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Related
nvd
nvd
CVE-2022-23774
2022-02-01 06:15:06
CVE-2022-25365
2022-02-19 02:15:06
nessus
nessus
Docker Desktop < 4.5.0 Incorrect File Permissions
2023-09-15 00:00:00
zdi
zdi
cve
cve
CVE-2022-23774
2022-02-01 06:15:06
CVE-2022-25365
2022-02-19 02:15:06
prion
prion
Code injection
2022-02-01 06:15:00
Code injection
2022-02-19 02:15:00
cvelist
cvelist
CVE-2022-23774
2022-02-01 05:30:18
CVE-2022-25365
2022-02-19 01:56:06