blob: 74dae646d00f1f710f319a6be227abeb0c42af97 [file] [log] [blame]
id: GO-2023-1772
modules:
- module: github.com/distribution/distribution
versions:
- fixed: 2.8.2-beta.1+incompatible
vulnerable_at: 2.8.1+incompatible
packages:
- package: github.com/distribution/distribution/registry/handlers
symbols:
- catalogHandler.GetCatalog
summary: Memory exhaustion in github.com/distribution/distribution
description: |-
Systems that run distribution built after a specific commit running on
memory-restricted environments can suffer from denial of service by a crafted
malicious /v2/_catalog API endpoint request.
cves:
- CVE-2023-2253
ghsas:
- GHSA-hqxw-f8mx-cpmw
references:
- fix: https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc
- advisory: https://github.com/advisories/GHSA-hqxw-f8mx-cpmw
review_status: REVIEWED