Fluid Attacks Database

Description

Moby Race Condition vulnerability moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	docker.io	=20.10.24+dfsg1-1 \|\| =20.10.24+dfsg1-1+deb12u1 \|\| =20.10.25+dfsg1-1 \|\| =20.10.25+dfsg1-2 \|\| =20.10.25+dfsg1-3 \|\| =20.10.25+dfsg1-4 \|\| =26.1.4+dfsg1-1 \|\| =26.1.4+dfsg1-2 \|\| =26.1.4+dfsg1-3 \|\| =26.1.4+dfsg1-4 \|\| =26.1.4+dfsg1-5 \|\| =26.1.4+dfsg1-6 \|\| =26.1.4+dfsg1-7 \|\| =26.1.4+dfsg1-8 \|\| =26.1.4+dfsg1-9 \|\| =26.1.4+dfsg2-1 \|\| =26.1.4+dfsg3-1 \|\| =26.1.5+dfsg1-1 \|\| =26.1.5+dfsg1-10 \|\| =26.1.5+dfsg1-2 \|\| =26.1.5+dfsg1-3 \|\| =26.1.5+dfsg1-4 \|\| =26.1.5+dfsg1-5 \|\| =26.1.5+dfsg1-6 \|\| =26.1.5+dfsg1-7 \|\| =26.1.5+dfsg1-8 \|\| =26.1.5+dfsg1-9 \|\| =27.5.1+dfsg1-1 \|\| =27.5.1+dfsg1-2 \|\| =27.5.1+dfsg2-1 \|\| =27.5.1+dfsg3-1 \|\| =27.5.1+dfsg3-2 \|\| =27.5.1+dfsg3-3 \|\| =27.5.1+dfsg3-4 \|\| =27.5.1+dfsg3-5 \|\| =27.5.1+dfsg3-6 \|\| =27.5.1+dfsg4-1 \|\| =27.5.1+dfsg4-2 \|\| =28.5.2+dfsg1-1 \|\| =28.5.2+dfsg2-1 \|\| =28.5.2+dfsg3-1 \|\| =28.5.2+dfsg3-2 \|\| =28.5.2+dfsg4-1	-
debian 13	docker.io	>=0 <26.1.4+dfsg1-9	26.1.4+dfsg1-9
debian 11	docker.io	=20.10.10+dfsg1-1 \|\| =20.10.11+dfsg1-1 \|\| =20.10.11+dfsg1-2 \|\| =20.10.14+dfsg1-1 \|\| =20.10.17+dfsg1-1 \|\| =20.10.19+dfsg1-1 \|\| =20.10.21+dfsg1-1 \|\| =20.10.22+dfsg1-1 \|\| =20.10.22+dfsg1-2 \|\| =20.10.23+dfsg1-1 \|\| =20.10.24+dfsg1-1 \|\| =20.10.25+dfsg1-1 \|\| =20.10.25+dfsg1-2 \|\| =20.10.25+dfsg1-3 \|\| =20.10.25+dfsg1-4 \|\| =20.10.5+dfsg1-1 \|\| =20.10.5+dfsg1-1+deb11u1 \|\| =20.10.5+dfsg1-1+deb11u2 \|\| =20.10.5+dfsg1-1+deb11u3 \|\| =20.10.5+dfsg1-1+deb11u4 \|\| =20.10.8+dfsg1-1 \|\| =20.10.8+dfsg1-2 \|\| =26.1.4+dfsg1-1 \|\| =26.1.4+dfsg1-2 \|\| =26.1.4+dfsg1-3 \|\| =26.1.4+dfsg1-4 \|\| =26.1.4+dfsg1-5 \|\| =26.1.4+dfsg1-6 \|\| =26.1.4+dfsg1-7 \|\| =26.1.4+dfsg1-8 \|\| =26.1.4+dfsg1-9 \|\| =26.1.4+dfsg2-1 \|\| =26.1.4+dfsg3-1 \|\| =26.1.5+dfsg1-1 \|\| =26.1.5+dfsg1-10 \|\| =26.1.5+dfsg1-2 \|\| =26.1.5+dfsg1-3 \|\| =26.1.5+dfsg1-4 \|\| =26.1.5+dfsg1-5 \|\| =26.1.5+dfsg1-6 \|\| =26.1.5+dfsg1-7 \|\| =26.1.5+dfsg1-8 \|\| =26.1.5+dfsg1-9 \|\| =27.5.1+dfsg1-1 \|\| =27.5.1+dfsg1-2 \|\| =27.5.1+dfsg2-1 \|\| =27.5.1+dfsg3-1 \|\| =27.5.1+dfsg3-2 \|\| =27.5.1+dfsg3-3 \|\| =27.5.1+dfsg3-4 \|\| =27.5.1+dfsg3-5 \|\| =27.5.1+dfsg3-6 \|\| =27.5.1+dfsg4-1 \|\| =27.5.1+dfsg4-2 \|\| =28.5.2+dfsg1-1 \|\| =28.5.2+dfsg2-1 \|\| =28.5.2+dfsg3-1 \|\| =28.5.2+dfsg3-2 \|\| =28.5.2+dfsg4-1	-
debian 14	docker.io	>=0 <26.1.4+dfsg1-9	26.1.4+dfsg1-9
go	github.com/moby/moby	>=0 <25.0.4	25.0.4

Aliases

1. CVE-2024-366232. NVD-2024-366233. OSV-DEBIAN-2024-366234. OSV-2024-366235. GCVE-2024-366236. SECURITY-TRACKER-CVE-2024-36623

References

1. https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb2. https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b83. https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc294. https://github.com/moby/moby/blob/v25.0.3/pkg/streamformatter/streamformatter.go#L115

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.