CVE-2019-1020014
Published: 29 July 2019
docker-credential-helpers before 0.6.3 has a double free in the List functions.
From the Ubuntu security team
Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code.
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
docker.io Launchpad, Ubuntu, Debian |
bionic |
Released
(18.09.7-0ubuntu1~18.04.4)
|
| disco |
Released
(18.09.7-0ubuntu1~19.04.5)
|
|
| eoan |
Not vulnerable
(19.03.2-0ubuntu1)
|
|
| focal |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
| groovy |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
| hirsute |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
| impish |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
| jammy |
Not vulnerable
(19.03.6-0ubuntu1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(18.09.7-0ubuntu1~16.04.5)
|
|
|
golang-github-docker-docker-credential-helpers Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| disco |
Released
(0.6.1-1ubuntu0.1)
|
|
| eoan |
Not vulnerable
(0.6.1-4)
|
|
| focal |
Not vulnerable
(0.6.1-4)
|
|
| groovy |
Not vulnerable
(0.6.1-4)
|
|
| hirsute |
Not vulnerable
(0.6.1-4)
|
|
| impish |
Not vulnerable
(0.6.1-4)
|
|
| jammy |
Not vulnerable
(0.6.1-4)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(0.6.1-3)
|
|
| xenial |
Does not exist
|