Bug 1792796 (CVE-2020-1702) - CVE-2020-1702 containers/image: Container images read entire image manifest into memory
Summary: CVE-2020-1702 containers/image: Container images read entire image manifest i...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1702
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Jindrich Novy
QA Contact:
URL:
Whiteboard:
Depends On: 1792797 1792798 1792799 1792800 1795829 1795830 1795831 1795832 1795833 1801922 1801923 1801924 1801925 1801926 1801927 1801928 1801929 1801930 1804024 1810612 1810613 1810614
Blocks:
Reported: 2020-01-20 01:20 UTC by Jason Shepherd
Modified: 2023-10-06 19:02 UTC (History)
CC List: 28 users

Fixed In Version: containers-image 5.2.0
Doc Type: If docs needed, set a value
Doc Text:
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image.
Clone Of:
Environment:
Last Closed: 2020-04-01 04:31:53 UTC
Embargoed:


Attachments


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:1227 0 None None None 2020-04-01 00:25:22 UTC
Red Hat Product Errata RHSA-2020:1234 0 None None None 2020-04-01 00:26:31 UTC
Red Hat Product Errata RHSA-2020:1650 0 None None None 2020-04-28 15:36:41 UTC
Red Hat Product Errata RHSA-2020:1937 0 None None None 2020-05-04 10:17:22 UTC
Red Hat Product Errata RHSA-2020:2116 0 None None None 2020-05-12 19:50:38 UTC
Red Hat Product Errata RHSA-2020:2218 0 None None None 2020-05-28 11:34:49 UTC
Red Hat Product Errata RHSA-2020:2681 0 None None None 2020-06-23 14:25:29 UTC

Description Jason Shepherd 2020-01-20 01:20:17 UTC
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user with privileges to pull container images into crashing the process responsible for pulling the image.

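The flaw described above is a manifest body that the client buffers in full, with no size cap, so a hostile registry response grows the puller's memory without bound. The Go example below is added here and is not containers/image's own code: it shows the bounded-read pattern that rejects an oversized body instead of buffering it. The 4 MiB cap, the function names and the constructed endless reader are all assumptions for the illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

// ErrManifestTooLarge is returned when a manifest body exceeds the cap.
var ErrManifestTooLarge = errors.New("manifest body exceeds size limit")

// maxManifestBody is an illustrative cap (an assumption, not the upstream value).
const maxManifestBody = 4 * 1024 * 1024

// endlessReader stands in for a hostile registry response that never ends.
// It is constructed for this example and emits 'A' bytes forever.
type endlessReader struct{}

func (endlessReader) Read(p []byte) (int, error) {
	for i := range p {
		p[i] = 'A'
	}
	return len(p), nil
}

// readAtMost buffers at most limit bytes. The flawed pattern is a plain
// io.ReadAll(r), which keeps reading until the peer stops sending. Here we
// read one byte past the cap so a body of exactly limit bytes is accepted,
// while anything larger is rejected before it is buffered in full.
func readAtMost(r io.Reader, limit int) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, int64(limit)+1))
	if err != nil {
		return nil, err
	}
	if len(buf) > limit {
		return nil, ErrManifestTooLarge
	}
	return buf, nil
}

func main() {
	// A well-formed manifest (constructed sample) is well under the cap.
	manifest := []byte(`{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json"}`)
	body, err := readAtMost(bytes.NewReader(manifest), maxManifestBody)
	fmt.Println(len(body), err)

	// io.ReadAll(endlessReader{}) would never return; the bounded read
	// fails fast after consuming just over the cap.
	_, err = readAtMost(endlessReader{}, maxManifestBody)
	fmt.Println(err)
}
```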
Comment 1 Jason Shepherd 2020-01-20 01:22:20 UTC
Created buildah tracking bugs for this issue:

Affects: fedora-31 [bug 1792800]


Created podman tracking bugs for this issue:

Affects: fedora-31 [bug 1792797]


Created skopeo tracking bugs for this issue:

Affects: fedora-31 [bug 1792798]

Comment 13 Jason Shepherd 2020-01-22 03:31:19 UTC
Acknowledgments:

Name: Oleg Bulatov (Red Hat)

Comment 15 Tom Sweeney 2020-01-22 16:37:40 UTC
Given the bump to a CVE, changing severity to high.

Comment 21 Jason Shepherd 2020-01-29 00:43:25 UTC
Created cri-o tracking bugs for this issue:

Affects: fedora-31 [bug 1795829]

Comment 28 Jason Shepherd 2020-02-04 04:45:18 UTC
Upstream commit: https://github.com/containers/image/pull/803

Comment 30 Miloslav Trmač 2020-02-04 17:40:45 UTC
(In reply to Jason Shepherd from comment #28)
> Upstream commit: https://github.com/containers/image/pull/803

https://github.com/containers/image/pull/805 , actually.

Comment 35 Tom Sweeney 2020-02-11 13:54:27 UTC
Moving to POST and assigning to Jindrich to handle packaging

Comment 48 errata-xmlrpc 2020-04-01 00:25:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2020:1227 https://access.redhat.com/errata/RHSA-2020:1227

Comment 49 errata-xmlrpc 2020-04-01 00:26:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2020:1234 https://access.redhat.com/errata/RHSA-2020:1234

Comment 50 Product Security DevOps Team 2020-04-01 04:31:53 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1702

Comment 51 errata-xmlrpc 2020-04-28 15:34:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1650 https://access.redhat.com/errata/RHSA-2020:1650

Comment 52 errata-xmlrpc 2020-05-04 10:17:18 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.4

Via RHSA-2020:1937 https://access.redhat.com/errata/RHSA-2020:1937

Comment 53 errata-xmlrpc 2020-05-12 19:50:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2020:2116 https://access.redhat.com/errata/RHSA-2020:2116

Comment 54 errata-xmlrpc 2020-05-28 11:34:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 3.11

Via RHSA-2020:2218 https://access.redhat.com/errata/RHSA-2020:2218

Comment 55 errata-xmlrpc 2020-06-23 14:25:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2020:2681 https://access.redhat.com/errata/RHSA-2020:2681

Comment 56 Jason Shepherd 2020-07-08 20:09:03 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.3

Via RHBA-2020:0492 https://access.redhat.com/errata/RHBA-2020:0492

