meta-virtualization

mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2025-07-19 20:59:41 +02:00

History

Narpat Mali af02908efd docker-distribution: fix for CVE-2023-2253 A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory. References: https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw `521ea3d973` Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>	2023-07-25 14:53:37 -04:00
..
files	docker-distribution: fix for CVE-2023-2253	2023-07-25 14:53:37 -04:00
docker-distribution_git.bb	docker-distribution: fix for CVE-2023-2253	2023-07-25 14:53:37 -04:00

Narpat Mali af02908efd docker-distribution: fix for CVE-2023-2253

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution,
which accepts a parameter to control the maximum number of records returned
(query string: `n`). This vulnerability allows a malicious user to submit an
unreasonably large value for `n,` causing the allocation of a massive string
array, possibly causing a denial of service through excessive use of memory.

References:
https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
521ea3d973

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

2023-07-25 14:53:37 -04:00

files docker-distribution: fix for CVE-2023-2253 2023-07-25 14:53:37 -04:00

docker-distribution_git.bb docker-distribution: fix for CVE-2023-2253 2023-07-25 14:53:37 -04:00