reports/GO-2021-0072.toml

module = "github.com/docker/distribution"
package = "github.com/docker/distribution/registry/handlers"

description = """
Various storage methods do not impose limits on how much content is accepted
from user requests, allowing a malicious user to force the caller to allocate
an arbitary amount of memory.
"""

cve = "CVE-2017-11468"

symbols = ["copyFullPayload"]

published = "2021-04-14T12:00:00Z"

[[versions]]
fixed = "v2.7.0-rc.0+incompatible"

[[additional_packages]]
module = "github.com/docker/distribution"
package = "github.com/docker/distribution/registry/storage"
symbols = ["blobStore.Get"]
[[additional_packages.versions]]
fixed = "v2.7.0-rc.0+incompatible"

[links]
commit = "https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f"
pr = "https://github.com/distribution/distribution/pull/2340"
context = [
    "https://access.redhat.com/errata/RHSA-2017:2603",
    "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html"
]