Bug 1792796 (CVE-2020-1702) - CVE-2020-1702 containers/image: Container images read entire image manifest into memory
Summary: CVE-2020-1702 containers/image: Container images read entire image manifest i...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1702
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Jindrich Novy
QA Contact:
URL:
Whiteboard:
Depends On: 1792797 1792798 1792799 1792800 1795829 1795830 1795831 1795832 1795833 1801922 1801923 1801924 1801925 1801926 1801927 1801928 1801929 1801930 1804024 1810612 1810613 1810614
Blocks: 1777853
Reported: 2020-01-20 01:20 UTC by Jason Shepherd
Modified: 2023-10-06 19:02 UTC (History)

Fixed In Version: containers-image 5.2.0
Doc Type: If docs needed, set a value
Doc Text:
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image.
Clone Of:
Environment:
Last Closed: 2020-04-01 04:31:53 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:1227 0 None None None 2020-04-01 00:25:22 UTC
Red Hat Product Errata RHSA-2020:1234 0 None None None 2020-04-01 00:26:31 UTC
Red Hat Product Errata RHSA-2020:1650 0 None None None 2020-04-28 15:36:41 UTC
Red Hat Product Errata RHSA-2020:1937 0 None None None 2020-05-04 10:17:22 UTC
Red Hat Product Errata RHSA-2020:2116 0 None None None 2020-05-12 19:50:38 UTC
Red Hat Product Errata RHSA-2020:2218 0 None None None 2020-05-28 11:34:49 UTC
Red Hat Product Errata RHSA-2020:2681 0 None None None 2020-06-23 14:25:29 UTC

Description Jason Shepherd 2020-01-20 01:20:17 UTC
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user with privileges to pull container images into crashing the process responsible for pulling the image.
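
An added example, not code from containers/image or from this bug, of the pattern behind the flaw and its mitigation in Go: buffering a registry's manifest response with io.ReadAll (the response size is then chosen by whoever controls the response) versus reading through a hard cap that rejects oversized bodies. The constant MaxManifestBodySize, the error value and the function names are assumptions of this example, not the project's identifiers; the sample bodies are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// MaxManifestBodySize is an assumed cap on a manifest body (illustrative value;
// containers-image 5.2.0 introduced a limit of this kind, but this constant is
// not taken from the project).
const MaxManifestBodySize = 4 << 20 // 4 MiB

var ErrManifestTooLarge = errors.New("manifest body exceeds size limit")

// readManifestUnbounded mirrors the pre-fix pattern: the whole body is buffered
// into memory, so a registry (or anything in the path that can alter the
// response) decides how much memory the pulling process allocates.
func readManifestUnbounded(body io.Reader) ([]byte, error) {
	return io.ReadAll(body)
}

// readManifestBounded reads at most limit bytes and fails if the body has more.
// Reading limit+1 bytes lets us tell "exactly limit bytes" from "too large"
// without ever buffering more than limit+1 bytes.
func readManifestBounded(body io.Reader, limit int) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(body, int64(limit)+1))
	if err != nil {
		return nil, err
	}
	if len(buf) > limit {
		return nil, ErrManifestTooLarge
	}
	return buf, nil
}

func main() {
	// Constructed inputs: a small manifest-like JSON body and an oversized body.
	small := `{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json"}`
	huge := strings.NewReader(strings.Repeat("x", 64<<10))
	limit := 16 << 10 // a small cap keeps the demo cheap; MaxManifestBodySize is the realistic one

	got, err := readManifestBounded(strings.NewReader(small), limit)
	fmt.Println(len(got), err)
	_, err = readManifestBounded(huge, limit)
	fmt.Println(err)
}
```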

Comment 1 Jason Shepherd 2020-01-20 01:22:20 UTC
Created buildah tracking bugs for this issue:

Affects: fedora-31 [bug 1792800]


Created podman tracking bugs for this issue:

Affects: fedora-31 [bug 1792797]


Created skopeo tracking bugs for this issue:

Affects: fedora-31 [bug 1792798]

Comment 13 Jason Shepherd 2020-01-22 03:31:19 UTC
Acknowledgments:

Name: Oleg Bulatov (Red Hat)

Comment 15 Tom Sweeney 2020-01-22 16:37:40 UTC
Given the bump to a CVE, changing severity to high.

Comment 21 Jason Shepherd 2020-01-29 00:43:25 UTC
Created cri-o tracking bugs for this issue:

Affects: fedora-31 [bug 1795829]

Comment 28 Jason Shepherd 2020-02-04 04:45:18 UTC
Upstream commit: https://github.com/containers/image/pull/803

Comment 30 Miloslav Trmač 2020-02-04 17:40:45 UTC
(In reply to Jason Shepherd from comment #28)
> Upstream commit: https://github.com/containers/image/pull/803

https://github.com/containers/image/pull/805 , actually.

Comment 35 Tom Sweeney 2020-02-11 13:54:27 UTC
Moving to POST and assigning to Jindrich to handle packaging

Comment 48 errata-xmlrpc 2020-04-01 00:25:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2020:1227 https://access.redhat.com/errata/RHSA-2020:1227

Comment 49 errata-xmlrpc 2020-04-01 00:26:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2020:1234 https://access.redhat.com/errata/RHSA-2020:1234

Comment 50 Product Security DevOps Team 2020-04-01 04:31:53 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1702

Comment 51 errata-xmlrpc 2020-04-28 15:34:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1650 https://access.redhat.com/errata/RHSA-2020:1650

Comment 52 errata-xmlrpc 2020-05-04 10:17:18 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.4

Via RHSA-2020:1937 https://access.redhat.com/errata/RHSA-2020:1937

Comment 53 errata-xmlrpc 2020-05-12 19:50:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2020:2116 https://access.redhat.com/errata/RHSA-2020:2116

Comment 54 errata-xmlrpc 2020-05-28 11:34:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 3.11

Via RHSA-2020:2218 https://access.redhat.com/errata/RHSA-2020:2218

Comment 55 errata-xmlrpc 2020-06-23 14:25:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2020:2681 https://access.redhat.com/errata/RHSA-2020:2681

Comment 56 Jason Shepherd 2020-07-08 20:09:03 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.3

Via RHBA-2020:0492 https://access.redhat.com/errata/RHBA-2020:0492

