openjdk:8-jre-alpine contains CVE-2018-1000654 #283
Comments
|
See docker-library/postgres#286 (comment) and https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-so-many-cves Do you know if this package on Alpine is patched or updated for this CVE? We're beholden to upstream in this regard and cannot simply alleviate CVE issues with their packages. |
|
Debian also notes it has "No security impact", which is interesting. Closing since there's not really anything we can do here. 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description:
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
Vendor Score (CVSS v2)
7.1 High (AV:N/AC:M/Au:N/C:N/I:N/A:C)
NVD Score (CVSS v2)
7.1 High (AV:N/AC:M/Au:N/C:N/I:N/A:C)
NVD Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000654
The text was updated successfully, but these errors were encountered: