Concurrent Builds Vulnerability Could Lead to Resource Leaks or Exhaustion
CVE-2024-36621

Currently unrated

Key Information:

Vendor

Moby

Vendor
CVE Published:
29 November 2024

What is CVE-2024-36621?

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.