CVE-2017-14388

Source
https://cve.org/CVERecord?id=CVE-2017-14388
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14388.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-14388
Published
2017-11-13T17:29:00.537Z
Modified
2026-04-10T03:58:51.251576Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.

References

Affected packages

Git / github.com/cloudfoundry/grootfs

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/grootfs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.12.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.13.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.14.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.15.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.16.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.17.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.17.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.18.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.19.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.20.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.21.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.24.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.25.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.26.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.27.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.28.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.28.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.29.0"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.17.1
v0.18.0
v0.19.0
v0.2.0
v0.20.0
v0.21.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.28.1
v0.29.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14388.json"