CVE-2021-21285
Docker daemon crash during image pull of malicious image
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
En Docker versiones anteriores a 9.03.15, 20.10.3, se presenta una vulnerabilidad en la que al extraer un manifiesto de imagen de Docker malformado intencionalmente, bloquea al demonio dockerd. Las versiones 20.10.3 y 19.03.15 contienen parches que impiden al demonio bloquearse
An update that solves four vulnerabilities and has 13 fixes is now available. This update for containerd, docker, runc fixes the following issues. Docker was updated to 20.10.6-ce Switch version to use -ce suffix rather than _ce to avoid confusing other tools. Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem. Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon. Btrfs quotas being removed by Docker regularly runc was updated to v1.0.0~rc93. Use the upstream runc package. Fixed /dev/null is not available. Fixed a symlink-exchange attack vulnarability. Containerd was updated to v1.4.4. Fixed a potential information leak through environment variables. Handle a requirement from docker. This update was imported from the SUSE:SLE-15:Update update project.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-22 CVE Reserved
- 2021-02-02 CVE Published
- 2024-08-03 CVE Updated
- 2025-04-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://github.com/moby/moby/releases/tag/v19.03.15 | Release Notes | |
| https://github.com/moby/moby/releases/tag/v20.10.3 | Release Notes | |
| https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20210226-0005 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30 | 2022-10-25 | |
| https://security.gentoo.org/glsa/202107-23 | 2022-10-25 |
| URL | Date | SRC |
|---|---|---|
| https://docs.docker.com/engine/release-notes/#20103 | 2022-10-25 | |
| https://www.debian.org/security/2021/dsa-4865 | 2022-10-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Docker Search vendor "Docker" | Docker Search vendor "Docker" for product "Docker" | < 19.03.15 Search vendor "Docker" for product "Docker" and version " < 19.03.15" | - |
Affected
| ||||||
| Docker Search vendor "Docker" | Docker Search vendor "Docker" for product "Docker" | >= 20.0.0 < 20.10.3 Search vendor "Docker" for product "Docker" and version " >= 20.0.0 < 20.10.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | >= 11.0 <= 11.60.3 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version " >= 11.0 <= 11.60.3" | - |
Affected
| ||||||