CVE-2017-14388

Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
References
Link Resource
https://www.cloudfoundry.org/cve-2017-14388/ Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotal_software:grootfs:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.17.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.19.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.21.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.24.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.25.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.26.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.27.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.28.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.28.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:grootfs:0.29.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-11-13 17:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-14388

Mitre link : CVE-2017-14388

CVE.ORG link : CVE-2017-14388


JSON object : View

Products Affected

pivotal_software

  • grootfs
CWE
CWE-20

Improper Input Validation