docker-distribution: fix for CVE-2023-2253 - linux/meta-virtualization.git - Mirror of git.yoctoproject.org/meta-virtualization

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2023-07-25 11:53:19 +0000
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2023-07-25 14:53:37 -0400
commit	af02908efda1580e77b3fdeed25b124a2b8d9482 (patch)
tree	24fdc54ec2990bbf82da577f1c3431f47c25a750 /README
parent	b3b3dbc67504e8cd498d6db202ddcf5a9dd26a9d (diff)
download	meta-virtualization-af02908efda1580e77b3fdeed25b124a2b8d9482.tar.gz

docker-distribution: fix for CVE-2023-2253

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory. References: https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54 Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

Diffstat (limited to 'README')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: