CVE-2024-36623: Race Condition

Published Nov 29, 2024
·
Updated

Last updated 7 May 2025

Other sources

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

MITRE

moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

GitHub

Affected Software

14 affected componentsFixes available
go/github.com/moby/moby<26.0.0
26.0.0
go/github.com/moby/moby<25.0.4
25.0.4
debian/docker.io<=20.10.5+dfsg1-1+deb11u2, <=20.10.5+dfsg1-1+deb11u4, <=20.10.24+dfsg1-1+deb12u1
26.1.5+dfsg1-9
Mobyproject Moby<=25.0.3
Microsoft cbl2 moby-engine 24.0.9-16
Patch available
Microsoft cbl2 moby-engine 24.0.9-16
Patch available
Microsoft cbl2 moby-cli 24.0.9-6
Patch available
Microsoft cbl2 moby-compose 2.17.3-8
Patch available
Microsoft azl3 docker-cli 25.0.3-3
Patch available
Microsoft cbl2 moby-compose 2.17.3-10
Patch available
Microsoft cbl2 moby-engine 24.0.9-11
Patch available
Microsoft azl3 moby-engine 25.0.3-8
Patch available
Microsoft cbl2 moby-cli 24.0.9-5
Patch available
Microsoft azl3 moby-engine 25.0.3-13
Patch available

Remediation

Patch Available

https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb

Patch Available

https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8

Event History

Nov 29, 2024
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·06:15 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·06:15 PM
RemedyAffected Software
Advisory Published
via GitHub·06:34 PM
Dec 13, 2024
Data Sourced
via Microsoft·08:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·08:00 AM
Affected Software
Updated
via Microsoft·08:00 AM
Affected Software
Updated
via Microsoft·08:00 AM
SeverityAffected Software
Updated
via Microsoft·08:00 AM
DescriptionSeverity
May 9, 2025
Data Sourced
via Ubuntu·05:43 PM
RemedyDescriptionSeverityAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-36623?

CVE-2024-36623 is a medium-severity vulnerability due to a race condition that can lead to data corruption or application crashes.

2

How do I fix CVE-2024-36623?

To resolve CVE-2024-36623, upgrade to version 26.0.0 or later of the affected software.

3

What is the nature of the vulnerability in CVE-2024-36623?

CVE-2024-36623 involves a race condition in the streamformatter package that allows multiple concurrent write operations.

4

Which versions of moby are impacted by CVE-2024-36623?

Versions of moby prior to 26.0.0 are impacted by CVE-2024-36623.

5

Can CVE-2024-36623 be exploited remotely?

CVE-2024-36623 is typically an internal application vulnerability, so direct remote exploitation is unlikely.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203