CVE-2024-36623
Public on 2024-11-29
Modified on 2024-12-10
Description
moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | docker | No Fix Planned | ||
| HAQM Linux 2 - Docker Extra | docker | 2024-07-29 | ALAS2DOCKER-2024-040 | Fixed |
| HAQM Linux 2 - Ecs Extra | docker | 2024-08-27 | ALAS2ECS-2024-042 | Fixed |
| HAQM Linux 2 - Aws-nitro-enclaves-cli Extra | docker | 2024-07-29 | ALAS2NITRO-ENCLAVES-2024-041 | Fixed |
| HAQM Linux 2023 | docker | 2024-07-29 | ALAS2023-2024-674 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 6.8 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
| NVD | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |