CVE-2024-36620

Name: CVE-2024-36620
Description: moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

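| Source Package | Release | Version | Status |
|---|---|---|---|
| docker.io (PTS) | bullseye | 20.10.5+dfsg1-1+deb11u2 | fixed |
| docker.io | bullseye (security) | 20.10.5+dfsg1-1+deb11u3 | fixed |
| docker.io | bookworm | 20.10.24+dfsg1-1+deb12u1 | fixed |
| docker.io | sid, trixie | 26.1.5+dfsg1-4 | fixed |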

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| docker.io | source | (unstable) | (not affected) | | | |

Notes

- docker.io <not-affected> (Vulnerable code never present in a Debian released version)
- https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4 (v26.1.0)
- Introduced in https://github.com/moby/moby/commit/2a6ff3c24fd790e5d42d2eabaf6acf06edfe6975 (v25.0.0-beta.1)
