Vulnerability Description
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
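The description points at unbounded integers in a cpuset list such as `0-3,7`. As an added example (not the Docker patch and not code from the project), here is a Go parser that rejects any ID above a limit before it builds the set; the names `parseCPUSet`, `parseID` and the limit `maxID` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const maxID = 8191 // assumed bound for this example, not a Docker constant

// parseID converts one decimal ID and enforces the bound, so nothing that
// follows is ever sized or iterated by an attacker-chosen integer.
func parseID(s string) (int, error) {
	n, err := strconv.ParseUint(s, 10, 64)
	if err != nil || n > maxID {
		return 0, fmt.Errorf("ID %q is invalid or above limit %d", s, maxID)
	}
	return int(n), nil
}

// parseCPUSet parses a list such as "0-3,7" into a set of IDs.
func parseCPUSet(list string) (map[int]bool, error) {
	set := make(map[int]bool)
	for _, part := range strings.Split(list, ",") {
		bounds := strings.SplitN(part, "-", 2)
		lo, err := parseID(bounds[0])
		if err != nil {
			return nil, err
		}
		hi := lo
		if len(bounds) == 2 {
			if hi, err = parseID(bounds[1]); err != nil {
				return nil, err
			}
		}
		if hi < lo {
			return nil, fmt.Errorf("invalid range %q", part)
		}
		for i := lo; i <= hi; i++ {
			set[i] = true
		}
	}
	return set, nil
}

func main() {
	set, err := parseCPUSet("0-3,7") // constructed sample input
	fmt.Println(len(set), err)
}
```

Because both ends of a range are checked before the loop runs, the work per list element is capped at `maxID+1` insertions regardless of the integer supplied.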
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Docker | Engine | < 18.09 |
| Redhat | Enterprise Linux Server | 7.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:0487 (Third Party Advisory)
- https://github.com/docker/engine/pull/70 (Patch, Third Party Advisory)
- https://github.com/moby/moby/pull/37967 (Patch, Third Party Advisory)
FAQ
What is CVE-2018-20699?
CVE-2018-20699 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, p...
How severe is CVE-2018-20699?
CVE-2018-20699 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-20699?
Check the references section above for vendor advisories and patch information. Affected products include: Docker Engine, Redhat Enterprise Linux Server.