Vulnerability Report: GO-2021-0072

CVE-2017-11468, GHSA-h62f-wm92-2cmw
Affects: github.com/docker/distribution
Published: Apr 14, 2021
Modified: May 20, 2024

Various storage methods do not impose limits on how much content is accepted from user requests, allowing a malicious user to force the caller to allocate an arbitrary amount of memory.

Affected Packages

Path

Go Versions

Symbols
github.com/docker/distribution/registry/handlers

before v2.7.0-rc.0+incompatible
- App.ServeHTTP
- NewApp
github.com/docker/distribution/registry/storage

before v2.7.0-rc.0+incompatible
- PurgeUploads
- Walk

Aliases

CVE-2017-11468
GHSA-h62f-wm92-2cmw

References

https://github.com/distribution/distribution/pull/2340
https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f
https://access.redhat.com/errata/RHSA-2017:2603
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html
https://vuln.go.dev/ID/GO-2021-0072.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL