CVE Vulnerabilities

CVE-2019-1020014

Double Free

Published: Jul 29, 2019 | Modified: Nov 07, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

docker-credential-helpers before 0.6.3 has a double free in the List functions.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Credential_helpers Docker * 0.6.3 (excluding)
Docker.io Ubuntu bionic *
Docker.io Ubuntu disco *
Docker.io Ubuntu esm-apps/bionic *
Docker.io Ubuntu esm-apps/xenial *
Docker.io Ubuntu trusty *
Docker.io Ubuntu xenial *
Golang-github-docker-docker-credential-helpers Ubuntu bionic *
Golang-github-docker-docker-credential-helpers Ubuntu disco *
Golang-github-docker-docker-credential-helpers Ubuntu esm-apps/bionic *
Golang-github-docker-docker-credential-helpers Ubuntu trusty *
Golang-github-docker-docker-credential-helpers Ubuntu upstream *

Potential Mitigations

References