CVE-2021-21285
Docker daemon crash during image pull of malicious image
In short
A specially crafted Docker image manifest can crash the Docker daemon when pulled, disrupting container operations on the affected system.
Technical detail
The dockerd daemon fails to properly validate malformed image manifests during pull operations, allowing an attacker to trigger a denial-of-service condition. The vulnerability requires the ability to distribute or host a malicious image manifest that the daemon will attempt to pull, resulting in daemon termination.
Summary generated and translated by AI from the official description.
In Docker before versions 19.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
moby · moby
References
https://docs.docker.com/engine/release-notes/#20103
https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
https://github.com/moby/moby/releases/tag/v19.03.15
https://github.com/moby/moby/releases/tag/v20.10.3
https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
https://security.gentoo.org/glsa/202107-23
https://security.netapp.com/advisory/ntap-20210226-0005/
https://www.debian.org/security/2021/dsa-4865