CVE-2024-36620: Null Pointer Dereference
Published Nov 29, 2024
·Updated
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/imagehistory.go.
Affected Software
4 affected componentsFixes available
go/github.com/moby/moby>=25.0.0<26.1.0
26.1.0
Mobyproject Moby>=25.0.0<=26.0.2
Microsoft azl3 moby-engine 25.0.3-8
Microsoft azl3 moby-engine 25.0.3-13
Remediation
Event History
Nov 29, 2024
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·06:15 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·06:15 PM
RemedyAffected Software
Advisory Published
via GitHub·06:34 PM
Data Sourced
via Red Hat·07:01 PM
DescriptionSeverityAffected Software
Dec 13, 2024
Data Sourced
via Microsoft·08:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·08:00 AM
Affected Software
Updated
via Microsoft·08:00 AM
SeverityAffected Software
Updated
via Microsoft·08:00 AM
DescriptionSeverity
Frequently Asked Questions
1
What is the severity of CVE-2024-36620?
CVE-2024-36620 has a high severity level as it allows a NULL Pointer Dereference that could lead to application crashes.
2
How do I fix CVE-2024-36620?
To fix CVE-2024-36620, upgrade to version 26.1.0 or later of the affected software.
3
Which versions of the software are affected by CVE-2024-36620?
CVE-2024-36620 affects versions v25.0.0 to v26.0.2 of the moby software.
4
What is the impact of CVE-2024-36620 on my application?
The impact of CVE-2024-36620 can result in unexpected application crashes due to a NULL Pointer Dereference.
5
Where can I find more information about CVE-2024-36620?
More information about CVE-2024-36620 can be found in the public repositories and issue trackers for the moby project.