Your submission was sent successfully! Close

CVE-2019-1020014

Published: 29 July 2019

docker-credential-helpers before 0.6.3 has a double free in the List functions.

From the Ubuntu security team

Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
docker.io
Launchpad, Ubuntu, Debian
bionic
Released (18.09.7-0ubuntu1~18.04.4)
disco
Released (18.09.7-0ubuntu1~19.04.5)
eoan Not vulnerable
(19.03.2-0ubuntu1)
focal Not vulnerable
(19.03.6-0ubuntu1)
groovy Not vulnerable
(19.03.6-0ubuntu1)
hirsute Not vulnerable
(19.03.6-0ubuntu1)
impish Not vulnerable
(19.03.6-0ubuntu1)
jammy Not vulnerable
(19.03.6-0ubuntu1)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (18.09.7-0ubuntu1~16.04.5)
golang-github-docker-docker-credential-helpers
Launchpad, Ubuntu, Debian
bionic Needed

disco
Released (0.6.1-1ubuntu0.1)
eoan Not vulnerable
(0.6.1-4)
focal Not vulnerable
(0.6.1-4)
groovy Not vulnerable
(0.6.1-4)
hirsute Not vulnerable
(0.6.1-4)
impish Not vulnerable
(0.6.1-4)
jammy Not vulnerable
(0.6.1-4)
precise Does not exist

trusty Does not exist

upstream
Released (0.6.1-3)
xenial Does not exist