#VU34915 Input validation error in Docker - CVE-2014-0048
Published: January 2, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34915
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2014-0048
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Docker
Docker
Software vendor:
Docker Inc.
Docker Inc.
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
Remediation
Install update from vendor's website.
External links
- http://www.openwall.com/lists/oss-security/2015/03/24/18
- http://www.openwall.com/lists/oss-security/2015/03/24/22
- http://www.openwall.com/lists/oss-security/2015/03/24/23
- https://access.redhat.com/security/cve/cve-2014-0048
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0048
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0048
- https://security-tracker.debian.org/tracker/CVE-2014-0048