CVE-2019-1020014
Published: 29 July 2019
docker-credential-helpers before 0.6.3 has a double free in the List functions.
From the Ubuntu Security Team
Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
golang-github-docker-docker-credential-helpers Launchpad, Ubuntu, Debian |
disco |
Released
(0.6.1-1ubuntu0.1)
|
trusty |
Does not exist
|
|
upstream |
Released
(0.6.1-3)
|
|
xenial |
Does not exist
|
|
hirsute |
Not vulnerable
(0.6.1-4)
|
|
jammy |
Not vulnerable
(0.6.1-4)
|
|
kinetic |
Not vulnerable
(0.6.1-4)
|
|
eoan |
Not vulnerable
(0.6.1-4)
|
|
focal |
Not vulnerable
(0.6.1-4)
|
|
groovy |
Not vulnerable
(0.6.1-4)
|
|
impish |
Not vulnerable
(0.6.1-4)
|
|
lunar |
Not vulnerable
(0.6.1-4)
|
|
bionic |
Released
(0.5.0-2ubuntu0.1+esm1)
Available with Ubuntu Pro |
|
Patches: upstream: https://github.com/docker/docker-credential-helpers/commit/87c80bfba583eadc087810d17aa631ef4e405efc |
||
docker.io Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
(19.03.6-0ubuntu1)
|
jammy |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
kinetic |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
bionic |
Released
(18.09.7-0ubuntu1~18.04.4)
|
|
disco |
Released
(18.09.7-0ubuntu1~19.04.5)
|
|
eoan |
Not vulnerable
(19.03.2-0ubuntu1)
|
|
focal |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
groovy |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
impish |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
lunar |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Released
(18.09.7-0ubuntu1~16.04.5)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |