Arbitrary Code Injection Affecting docker package, versions <19.03.1-r0


Severity

Recommended
0.0
critical
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
18.83% (97th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ALPINE320-DOCKER-7009043
  • published23 May 2024
  • disclosed29 Jul 2019

Introduced: 29 Jul 2019

CVE-2019-14271  (opens in a new tab)
CWE-94  (opens in a new tab)

How to fix?

Upgrade Alpine:3.20 docker to version 19.03.1-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream docker package and not the docker package as distributed by Alpine. See How to fix? for Alpine:3.20 relevant fixed versions and status.

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

CVSS Base Scores

version 3.1