Concurrent Builds Vulnerability Could Lead to Resource Leaks or Exhaustion
CVE-2024-36621

Currently unrated

Key Information:

Vendor: Moby
Vendor: CVE Published:; 29 November 2024

Summary

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

References

https://github.com/moby/moby/commit/37545cc644344dcb576cb...

https://github.com/moby/moby/blob/v25.0.5/builder/builder...

https://gist.github.com/1047524396/5d44459edab5fafcdf86b4...

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
May 30, 2024