Input validation error in Docker - CVE-2014-0048
Published: January 2, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34915
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2014-0048
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Docker Inc.
Affected software:
Docker
Docker
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
How to mitigate CVE-2014-0048
Install update from vendor's website.
Sources
- http://www.openwall.com/lists/oss-security/2015/03/24/18
- http://www.openwall.com/lists/oss-security/2015/03/24/22
- http://www.openwall.com/lists/oss-security/2015/03/24/23
- https://access.redhat.com/security/cve/cve-2014-0048
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0048
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0048
- https://security-tracker.debian.org/tracker/CVE-2014-0048