CVE-2017-14388

Published: Nov 13, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.

Vendor	Product	Versions
n/a	GrootFS release GrootFS release 0.3.x versions prior to 0.30.0	affected `GrootFS release GrootFS release 0.3.x versions prior to 0.30.0`

References

https://www.cloudfoundry.org/cve-2017-14388/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-14388

Description

Affected Products

References