CVE-2020-1702

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1702

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1702.json

Related

Published

2021-05-27T20:15:07Z

Modified

2023-11-29T08:08:16.282506Z

Details

A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1792796

Affected packages

Git / github.com/containers/image

Affected ranges

Type: GIT
Repo: https://github.com/containers/image
Events: Introduced

0The exact introduced commit is unknown

Fixed

c81b201fe138f8671a621c4f2f6d57c3d3bcdb4f

Affected versions

Other

v1,1

v1.*

v1.1

v1.2

v1.3

v1.4

v1.5

v1.5.1

v2.*

v2.0.0

v2.0.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v4.*

v4.0.0

v4.0.1

v5.*

v5.0.0

v5.1.0