CVE-2021-21285 MEDIUM

CVE-2021-21285: Docker daemon crash during image pull of malicious image

Vendor Moby
Product moby
Weakness CWE-400
Published February 2, 2021
Last update August 3, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

In Docker versions before 19.03.15 and 20.10.3, pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

Key dates

02 Disclosure timeline

February 2, 2021 CVE published
August 3, 2024 Record updated