StarlingX

[Debian] High CVE: CVE-2023-2253: docker-registry: denial of service by a crafted malicious

Bug #2022018 reported by Yue Tao on 2023-06-01

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	High	ZhangXiao

Bug Description

CVE-2023-2253: https://nvd.nist.gov/vuln/detail/CVE-2023-2253

Systems that run distribution built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious /v2/_catalog API endpoint request

Base Score: High

References:

https://www.tenable.com/plugins/nessus/176435

https://www.debian.org/security/2023/dsa-5414

docker-registry_2.7.1+ds2-7+deb11u1

A source package in integ repository

Tags:

CVE References

2023-2253

ZhangXiao (zhangxiao-windriver) on 2023-06-20

Changed in starlingx:
assignee:	nobody → ZhangXiao (zhangxiao-windriver)

Revision history for this message

Ghada Khalil (gkhalil) wrote on 2023-08-21:

Fixed by https://review.opendev.org/c/starlingx/integ/+/886884 which merged on June 26.

Changed in starlingx:
status:	Triaged → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.