CVE-2024-36621
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Nov 29, 2024
Updated: Dec 4, 2024
CWE ID 362
Summary
CVE-2024-36621 is a newly identified vulnerability affecting moby version 25.0.5. The issue involves a race condition in the builder-next/adapters/snapshot/layer.go file. An attacker could exploit this flaw to trigger concurrent builds, leading to resource leaks or exhaustion as a result of multiple instances calling the EnsureLayer function in an unsynchronized manner. This could potentially cause significant performance degradation or even crash the system. Users of moby are advised to upgrade to a patched version as soon as possible to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share