CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-9357

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile21.32th
Published2014年12月16日
Last Modified2026年5月6日

Vulnerability Description

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

Affected Platforms (CPE)

📦
Docker

Docker

= 1.3.2

References & Advisories

🔗 http://www.securityfocus.com/archive/1/534215/100/0/threaded
🔗 https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ
🔗 http://www.securityfocus.com/archive/1/534215/100/0/threaded
🔗 https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ

関連する脆弱性情報

CVE-2021-2947510.0

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary file...

CVE-2026-400899.9

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard co...

CVE-2018-208719.8

In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("othe...

CVE-2019-50219.8

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability a...