CyberSec.Space Logo
Back to CVE Browser

CVE-2014-9357

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile21.32th
PublishedDec 16, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

Affected Platforms (CPE)

πŸ“¦
Docker

Docker

= 1.3.2

References & Advisories

πŸ”— http://www.securityfocus.com/archive/1/534215/100/0/threaded
πŸ”— https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ
πŸ”— http://www.securityfocus.com/archive/1/534215/100/0/threaded
πŸ”— https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ

Related Vulnerabilities

CVE-2021-2947510.0

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary file...

CVE-2026-400899.9

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard co...

CVE-2018-208719.8

In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("othe...

CVE-2019-50219.8

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability a...