CVE-2017-14388

Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
References
Link Resource
https://www.cloudfoundry.org/cve-2017-14388/ Issue Tracking Vendor Advisory
https://www.cloudfoundry.org/cve-2017-14388/ Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotal_software:grootfs:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.17.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.19.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.21.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.24.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.25.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.26.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.27.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.28.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.28.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.29.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:12

Type Values Removed Values Added
References () https://www.cloudfoundry.org/cve-2017-14388/ - Issue Tracking, Vendor Advisory () https://www.cloudfoundry.org/cve-2017-14388/ - Issue Tracking, Vendor Advisory

Information

Published : 2017-11-13 17:29

Updated : 2024-11-21 03:12


NVD link : CVE-2017-14388

Mitre link : CVE-2017-14388

CVE.ORG link : CVE-2017-14388


JSON object : View

Products Affected

pivotal_software

  • grootfs
CWE
CWE-20

Improper Input Validation