docker-distribution: fix for CVE-2023-2253 - linux/meta-virtualization.git - Mirror of git.yoctoproject.org/meta-virtualization

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2023-07-24 08:43:18 +0000
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2023-07-25 14:53:03 -0400
commit	af74c007c8b5e287703c8daa0ca803d5f4b1430c (patch)
tree	652a84a6e40b8308732698c4698ef2ffd8411a33 /recipes-networking/openvswitch/files/openvswitch-example
parent	84f5cb62de4c639817ebd5534d240b9cf78a1b32 (diff)
download	meta-virtualization-af74c007c8b5e287703c8daa0ca803d5f4b1430c.tar.gz

docker-distribution: fix for CVE-2023-2253

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory. References: https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54 Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

Diffstat (limited to 'recipes-networking/openvswitch/files/openvswitch-example')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: