CVSS2: 10 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.014 Low
Percentile: 86.6%

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

CPE

Name | Operator | Version |
---|---|---|
github.com/docker/docker | lt | 1.3.3 |
www.securityfocus.com/archive/1/534215/100/0/threaded
github.com/advisories/GHSA-997c-fj8j-rq5h
github.com/docker/docker/compare/aef842e7dfb534aba22c3c911de525ce9ac12b72...313a1b7620910e47d888f8b0a6a5eb06ad9c1ff2
github.com/moby/moby/blob/master/CHANGELOG.md#133-2014-12-11
groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ
groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ
nvd.nist.gov/vuln/detail/CVE-2014-9357
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9357