CVE-2017-11468 – docker-distribution: Does not properly restrict the amount of content accepted from a user

https://notcve.org/view.php?id=CVE-2017-11468

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. Docker Registry anterior a versión 2.6.2 en Docker Distribution, no restringe apropiadamente la cantidad de contenido aceptado por un usuario, lo que permite a los atacantes remotos causar una denegación de servicio (consumo de memoria) por medio un endpoint manifest. It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html https://access.redhat.com/errata/RHSA-2017:2603 https://github.com/docker/distribution/pull/2340 https://github.com/docker/distribution/releases/tag/v2.6.2 https://access.redhat.com/security/cve/CVE-2017-11468 https://bugzilla.redhat.com/show_bug.cgi?id=1474893 • CWE-770: Allocation of Resources Without Limits or Throttling •