CVE-2024-36623
Public on 2024-11-29
Modified on 2024-12-10
Description
moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | docker | No Fix Planned | ||
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | docker | Pending Fix | ||
| Amazon Linux 2 - Docker Extra | docker | Pending Fix | ||
| Amazon Linux 2 - Ecs Extra | docker | Pending Fix | ||
| Amazon Linux 2023 | docker | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.8 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
| NVD | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |