Fluid Attacks Database

Description

Improper Input Validation in Docker Engine An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/docker/docker-ce	>=0 <19.03.11	19.03.11
debian 12	docker.io	>=0 <19.03.11+dfsg1-1	19.03.11+dfsg1-1
debian 13	docker.io	>=0 <19.03.11+dfsg1-1	19.03.11+dfsg1-1
debian 14	docker.io	>=0 <19.03.11+dfsg1-1	19.03.11+dfsg1-1
debian 11	docker.io	>=0 <19.03.11+dfsg1-1	19.03.11+dfsg1-1
rpm rhel7	docker	-	-

Aliases

1. CVE-2020-134012. NVD-2020-134013. OSV-2020-134014. OSV-DEBIAN-2020-134015. GCVE-2020-134016. security.gentoo.org7. SECURITY-TRACKER-CVE-2020-13401

References

1. https://docs.docker.com/engine/release-notes2. https://github.com/docker/docker-ce/releases/tag/v19.03.113. https://lists.fedoraproject.org/archives/list/[email protected]/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT4. https://lists.fedoraproject.org/archives/list/[email protected]/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K5. https://security.netapp.com/advisory/ntap-20200717-00026. https://www.debian.org/security/2020/dsa-47167. http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html8. http://www.openwall.com/lists/oss-security/2020/06/01/59. https://github.com/arax-zaeimi/Docker-Container-CVE-2020-13401