CVE-2018-20699

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

References

Affected packages

Git / github.com/docker/engine

Affected ranges

Type

GIT

Repo

https://github.com/docker/engine

Events

Introduced

Fixed

f5749085e9cb0565afe342e73a67631f97547054

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "18.09"
        }
    ]
}

Affected versions

0.*

0.0.3

docs-v1.*

docs-v1.12.0-rc4-2016-07-15

upstream/0.*

upstream/0.1.2

upstream/0.1.3

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.3.2

v0.4.1

v0.4.2

v0.4.4

v0.4.5

v0.4.7

v0.5.0

v0.6.5

v0.7.0

v0.7.1

v0.7.2

v18.*

v18.06.0-ce-rc1

v18.09.0-beta3

v18.09.0-beta5

v18.09.0-ce-beta1

v18.09.0-ce-tp0

v18.09.0-ce-tp3

v18.09.0-ce-tp4

v18.09.0-ce-tp5

v18.09.0-ce-tp6

v18.09.0-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20699.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    }
]