Fluid Attacks Database

Description

Directory Traversal in Docker Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	docker.io	>=0 <1.3.3~dfsg1-1	1.3.3~dfsg1-1
go	github.com/docker/docker	>=0 <1.3.2	1.3.2
debian 13	docker.io	>=0 <1.3.3~dfsg1-1	1.3.3~dfsg1-1
debian 12	docker.io	>=0 <1.3.3~dfsg1-1	1.3.3~dfsg1-1
debian 11	docker.io	>=0 <1.3.3~dfsg1-1	1.3.3~dfsg1-1

Aliases

1. CVE-2014-93582. NVD-2014-93583. OSV-DEBIAN-2014-93584. OSV-2014-93585. GCVE-2014-93586. SECURITY-TRACKER-CVE-2014-93587. ACCESS-cve-2014-9358

References

1. https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ2. https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ3. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-93584. http://www.securityfocus.com/archive/1/534215/100/0/threaded