DEBIAN-CVE-2024-36621

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2024-36621
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-36621.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-36621
Upstream
Published
2024-11-29T18:15:07.993Z
Modified
2025-11-20T10:17:15.058727Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

References

Affected packages

Debian:11 / docker.io

Package

Name
docker.io
Purl
pkg:deb/debian/docker.io?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.10.5+dfsg1-1
20.10.5+dfsg1-1+deb11u1
20.10.5+dfsg1-1+deb11u2
20.10.5+dfsg1-1+deb11u3
20.10.5+dfsg1-1+deb11u4
20.10.8+dfsg1-1
20.10.8+dfsg1-2
20.10.10+dfsg1-1
20.10.11+dfsg1-1
20.10.11+dfsg1-2
20.10.14+dfsg1-1
20.10.17+dfsg1-1
20.10.19+dfsg1-1
20.10.21+dfsg1-1
20.10.22+dfsg1-1
20.10.22+dfsg1-2
20.10.23+dfsg1-1
20.10.24+dfsg1-1
20.10.25+dfsg1-1
20.10.25+dfsg1-2
20.10.25+dfsg1-3
20.10.25+dfsg1-4

26.*

26.1.4+dfsg1-1
26.1.4+dfsg1-2
26.1.4+dfsg1-3
26.1.4+dfsg1-4
26.1.4+dfsg1-5
26.1.4+dfsg1-6
26.1.4+dfsg1-7
26.1.4+dfsg1-8
26.1.4+dfsg1-9
26.1.4+dfsg2-1
26.1.4+dfsg3-1
26.1.5+dfsg1-1
26.1.5+dfsg1-2
26.1.5+dfsg1-3
26.1.5+dfsg1-4
26.1.5+dfsg1-5
26.1.5+dfsg1-6
26.1.5+dfsg1-7
26.1.5+dfsg1-8
26.1.5+dfsg1-9
26.1.5+dfsg1-10

27.*

27.5.1+dfsg1-1
27.5.1+dfsg1-2
27.5.1+dfsg2-1
27.5.1+dfsg3-1
27.5.1+dfsg3-2
27.5.1+dfsg3-3
27.5.1+dfsg3-4
27.5.1+dfsg3-5
27.5.1+dfsg3-6
27.5.1+dfsg4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-36621.json"

Debian:12 / docker.io

Package

Name
docker.io
Purl
pkg:deb/debian/docker.io?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.10.24+dfsg1-1
20.10.24+dfsg1-1+deb12u1
20.10.25+dfsg1-1
20.10.25+dfsg1-2
20.10.25+dfsg1-3
20.10.25+dfsg1-4

26.*

26.1.4+dfsg1-1
26.1.4+dfsg1-2
26.1.4+dfsg1-3
26.1.4+dfsg1-4
26.1.4+dfsg1-5
26.1.4+dfsg1-6
26.1.4+dfsg1-7
26.1.4+dfsg1-8
26.1.4+dfsg1-9
26.1.4+dfsg2-1
26.1.4+dfsg3-1
26.1.5+dfsg1-1
26.1.5+dfsg1-2
26.1.5+dfsg1-3
26.1.5+dfsg1-4
26.1.5+dfsg1-5
26.1.5+dfsg1-6
26.1.5+dfsg1-7
26.1.5+dfsg1-8
26.1.5+dfsg1-9
26.1.5+dfsg1-10

27.*

27.5.1+dfsg1-1
27.5.1+dfsg1-2
27.5.1+dfsg2-1
27.5.1+dfsg3-1
27.5.1+dfsg3-2
27.5.1+dfsg3-3
27.5.1+dfsg3-4
27.5.1+dfsg3-5
27.5.1+dfsg3-6
27.5.1+dfsg4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-36621.json"

Debian:13 / docker.io

Package

Name
docker.io
Purl
pkg:deb/debian/docker.io?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
26.1.4+dfsg1-9

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-36621.json"

Debian:14 / docker.io

Package

Name
docker.io
Purl
pkg:deb/debian/docker.io?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
26.1.4+dfsg1-9

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-36621.json"