CVE-2018-15514 in Dockerinfo

Summary

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

08/18/2018

Disclosure

08/31/2018

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
123459	Docker HandleRequestAsync deserialization	502	Not defined	Official fix	CVE-2018-15514

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!