Fluid Attacks Database

Description

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	docker.io	>=0 <1.3.0~dfsg1-1	1.3.0~dfsg1-1
debian 11	docker.io	>=0 <1.3.0~dfsg1-1	1.3.0~dfsg1-1
debian 12	docker.io	>=0 <1.3.0~dfsg1-1	1.3.0~dfsg1-1
debian 14	docker.io	>=0 <1.3.0~dfsg1-1	1.3.0~dfsg1-1
rpm rhel7	docker	-	-

Aliases

1. CVE-2014-52822. NVD-2014-52823. OSV-DEBIAN-2014-52824. OSV-2014-52825. SECURITY-TRACKER-CVE-2014-5282

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.