Candidate: CVE-2017-11468
PublicDate: 2017-07-20 23:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11468
 https://github.com/docker/distribution/pull/2340
 https://github.com/docker/distribution/releases/tag/v2.6.2
Description:
 Docker Registry before 2.6.2 in Docker Distribution does not properly
 restrict the amount of content accepted from a user, which allows remote
 attackers to cause a denial of service (memory consumption) via the
 manifest endpoint.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869242
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_docker-registry:
upstream_docker-registry: released (2.6.2~ds1-1)
precise/esm_docker-registry: DNE
trusty_docker-registry: DNE
trusty/esm_docker-registry: DNE
vivid/ubuntu-core_docker-registry: DNE
xenial_docker-registry: ignored (end of standard support, was needed)
zesty_docker-registry: ignored (reached end-of-life)
artful_docker-registry: ignored (reached end-of-life)
bionic_docker-registry: not-affected (2.6.2~ds1-1)
cosmic_docker-registry: not-affected (2.6.2~ds1-1)
disco_docker-registry: not-affected (2.6.2~ds1-1)
eoan_docker-registry: not-affected (2.6.2~ds1-1)
focal_docker-registry: not-affected (2.6.2~ds1-1)
groovy_docker-registry: not-affected (2.6.2~ds1-1)
hirsute_docker-registry: not-affected (2.6.2~ds1-1)
impish_docker-registry: not-affected (2.6.2~ds1-1)
jammy_docker-registry: not-affected (2.6.2~ds1-1)
devel_docker-registry: not-affected (2.6.2~ds1-1)