#VU19934 Double Free in docker-credential-helpers
Vulnerability identifier: #VU19934
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-415
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
docker-credential-helpers
Client/Desktop applications /
Virtualization software
Vendor: Docker Inc.
Description
The vulnerability allows a local attacker to access sensitive information on a targeted system.
The vulnerability exists due to a double free condition in the list functions. A local authenticated attacker can trigger double free error and gain access to sensitive information on a targeted system
Mitigation
Install updates from vendor's website.
Vulnerable software versions
docker-credential-helpers: 0.1.0 - 0.6.2
External links
http://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
http://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
