add some missing moby/docker cve records
Signed-off-by: Weston Steimel <[email protected]>
westonsteimel committed Dec 5, 2024
1 parent 2f32f08 commit 93d995b
Showing 3 changed files with 171 additions and 0 deletions.
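--- a/data/anchore/2024/CVE-2024-36620.json
+++ b/data/anchore/2024/CVE-2024-36620.json
@@ -0,0 +1,46 @@
+{
+"additionalMetadata": {
+"cna": "mitre",
+"cveId": "CVE-2024-36620",
+"description": "moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2",
+"https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48",
+"https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4"
+]
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://pkg.go.dev",
+"cpes": [
+"cpe:2.3:a:docker:docker:*:*:*:*:*:go:*:*",
+"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:go:*:*"
+],
+"packageName": "github.com/docker/docker",
+"packageType": "go-module",
+"product": "moby",
+"repo": "https://github.com/moby/moby",
+"vendor": "moby",
+"versions": [
+{
+"lessThan": "26.1.0",
+"status": "affected",
+"version": "25.0.0-beta.1",
+"versionType": "custom"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+},
+"references": [
+{
+"url": "https://github.com/advisories/GHSA-q59j-vv4j-v33c"
+}
+]
+}
+}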
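Review bot: The single `versions` entry marks every release from `25.0.0-beta.1` up to `26.1.0` as affected, so a 25.0.x patch release that carries the fix from commit ab570ab would still be reported as vulnerable. The CVE-2024-36621 record in this commit gives a separate bound per release branch; if the fix was backported this record needs the same split, and if it was not, a sentence in `reason` saying so would let the next editor trust the range. The lower bound also reaches back to pre-releases while the CNA description starts at v25.0.0, which deserves a word in `reason` as well.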
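--- a/data/anchore/2024/CVE-2024-36621.json
+++ b/data/anchore/2024/CVE-2024-36621.json
@@ -0,0 +1,70 @@
+{
+"additionalMetadata": {
+"cna": "mitre",
+"cveId": "CVE-2024-36621",
+"description": "moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://gist.github.com/1047524396/5d44459edab5fafcdf86b43909b81135",
+"https://github.com/moby/moby/blob/v25.0.5/builder/builder-next/adapters/snapshot/layer.go#L24",
+"https://github.com/moby/moby/commit/37545cc644344dcb576cba67eb7b6f51a463d31e"
+],
+"toDos": [
+"Monitor for 24.x release (fix has been merged, just not released) https://github.com/moby/moby/commit/b8bc11af709b47987ab2aade1d571e3028f434bc"
+]
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://pkg.go.dev",
+"cpes": [
+"cpe:2.3:a:docker:docker:*:*:*:*:*:go:*:*",
+"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:go:*:*"
+],
+"packageName": "github.com/docker/docker",
+"packageType": "go-module",
+"product": "moby",
+"repo": "https://github.com/moby/moby",
+"vendor": "moby",
+"versions": [
+{
+"lessThan": "26.0.0-rc2",
+"status": "affected",
+"version": "26.0.0-rc1",
+"versionType": "custom"
+},
+{
+"lessThan": "25.0.5",
+"status": "affected",
+"version": "24",
+"versionType": "custom"
+},
+{
+"lessThan": "23.0.11",
+"status": "affected",
+"version": "0",
+"versionType": "custom"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+},
+"references": [
+{
+"url": "https://github.com/moby/moby/pull/47523"
+},
+{
+"url": "https://github.com/moby/moby/pull/47527"
+},
+{
+"url": "https://github.com/moby/moby/pull/47528"
+},
+{
+"url": "https://github.com/moby/moby/pull/47529"
+}
+]
+}
+}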
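Review bot: The `description` names moby v25.0.5 as the affected release and the second reference links to layer.go at the v25.0.5 tag, yet the range `"version": "24"` / `"lessThan": "25.0.5"` excludes 25.0.5. If 25.0.5 really is the first fixed release, record the disagreement so it does not read as a typo: once confirmed against the linked backport PRs, extend `reason` with a sentence such as `CNA description cites v25.0.5, which is the first fixed 25.0.x release.` If the CNA text is right instead, a scanner consuming this record will miss an affected 25.0.5. The same range also carries the unfixed 24.x line mentioned in `toDos`, so it will need to be split when a 24.x fix ships.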
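--- a/data/anchore/2024/CVE-2024-36623.json
+++ b/data/anchore/2024/CVE-2024-36623.json
@@ -0,0 +1,55 @@
+{
+"additionalMetadata": {
+"cna": "mitre",
+"cveId": "CVE-2024-36623",
+"description": "moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.",
+"reason": "Added CPE configurations because not yet analyzed by NVD.",
+"references": [
+"https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29",
+"https://github.com/moby/moby/blob/v25.0.3/pkg/streamformatter/streamformatter.go#L115",
+"https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb"
+]
+},
+"adp": {
+"affected": [
+{
+"collectionURL": "https://pkg.go.dev",
+"cpes": [
+"cpe:2.3:a:docker:docker:*:*:*:*:*:go:*:*",
+"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:go:*:*"
+],
+"packageName": "github.com/docker/docker",
+"packageType": "go-module",
+"product": "moby",
+"repo": "https://github.com/moby/moby",
+"vendor": "moby",
+"versions": [
+{
+"lessThan": "26.0.0-rc1",
+"status": "affected",
+"version": "0",
+"versionType": "custom"
+},
+{
+"lessThan": "25.0.4",
+"status": "affected",
+"version": "25",
+"versionType": "custom"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+},
+"references": [
+{
+"url": "https://github.com/moby/moby/commit/3fa0cedce310398b3b39db7cf7d3550e9a39ec00"
+},
+{
+"url": "https://github.com/moby/moby/pull/47484"
+}
+]
+}
+}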
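Review bot: The first `versions` entry (`"version": "0"`, `"lessThan": "26.0.0-rc1"`) already contains the whole 25.x line, so the second entry (`"version": "25"`, `"lessThan": "25.0.4"`) has no effect and 25.0.4 and later 25.0.x releases still match as affected. The CVE-2024-36621 record in this commit uses disjoint ranges per branch; here the first entry's `lessThan` presumably should stop at the fixed release on the older branch, or at `25` if older branches received no fix. As written the record produces false positives for patched 25.0.x installs, which teaches consumers to ignore the finding.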
