path: root/recipes-containers/docker/docker-ce_git.bb
author: Narpat Mali <narpat.mali@windriver.com> 2023-07-25 11:53:19 +0000
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2023-07-25 14:53:37 -0400
commit: af02908efda1580e77b3fdeed25b124a2b8d9482 (patch)
tree: 24fdc54ec2990bbf82da577f1c3431f47c25a750 /recipes-containers/docker/docker-ce_git.bb
parent: b3b3dbc67504e8cd498d6db202ddcf5a9dd26a9d (diff)
download: meta-virtualization-af02908efda1580e77b3fdeed25b124a2b8d9482.tar.gz
docker-distribution: fix for CVE-2023-2253
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n`, causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.

References:
https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'recipes-containers/docker/docker-ce_git.bb')
0 files changed, 0 insertions, 0 deletions
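
The kind of bounds check the flaw described in the commit message calls for, as an added example (not code from this commit or from distribution/distribution): the `n` query value is validated against a cap before any slice is sized from it. The default, the cap, and the names `parseCatalogLimit` and `listRepositories` are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strconv"
)

// Assumed limits for this example; not values taken from the project.
const defaultEntries, maxEntries = 100, 1000
var errLimitOutOfRange = errors.New("n out of range")

// parseCatalogLimit validates the `n` query parameter. Absent n falls back
// to the default; anything else must be an integer in [0, maxEntries].
func parseCatalogLimit(q url.Values) (int, error) {
	raw := q.Get("n")
	if raw == "" {
		return defaultEntries, nil
	}
	n, err := strconv.Atoi(raw) // also rejects values that overflow int
	if err != nil {
		return 0, fmt.Errorf("n is not an integer: %w", err)
	}
	if n < 0 || n > maxEntries {
		return 0, errLimitOutOfRange
	}
	return n, nil
}

// listRepositories returns one page of names from a constructed in-memory catalog.
func listRepositories(all []string, q url.Values) ([]string, error) {
	n, err := parseCatalogLimit(q)
	if err != nil {
		return nil, err
	}
	if n > len(all) {
		n = len(all) // never allocate more than there is data to return
	}
	page := make([]string, n) // sizing this from an unchecked n is the flaw described
	copy(page, all)
	return page, nil
}

func main() {
	page, err := listRepositories([]string{"alpine", "busybox"}, url.Values{"n": {"4000000000"}})
	fmt.Println(page, err)
}
```

Rejecting an oversized `n` with an error, rather than silently clamping it, makes abusive requests visible in the registry's access logs.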