reports/GO-2021-0072.toml - vulndb - Git at Google

 module = "github.com/docker/distribution"
 package = "github.com/docker/distribution/registry/handlers"

 description = """
 Various storage methods do not impose limits on how much content is accepted
 from user requests, allowing a malicious user to force the caller to allocate
 an arbitary amount of memory.
 """

 cve = "CVE-2017-11468"

 symbols = ["copyFullPayload"]

 [[versions]]
 fixed = "v2.7.0-rc.0+incompatible"

 [[additional_packages]]
 module = "github.com/docker/distribution"
 package = "github.com/docker/distribution/registry/storage"
 symbols = ["blobStore.Get"]
 [[additional_packages.versions]]
 fixed = "v2.7.0-rc.0+incompatible"

 [links]
 commit = "https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f"
 pr = "https://github.com/distribution/distribution/pull/2340"
 context = [
     "https://access.redhat.com/errata/RHSA-2017:2603",
     "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html"
 ]
	module = "github.com/docker/distribution"
	package = "github.com/docker/distribution/registry/handlers"

	description = """
	Various storage methods do not impose limits on how much content is accepted
	from user requests, allowing a malicious user to force the caller to allocate
	an arbitary amount of memory.
	"""

	cve = "CVE-2017-11468"

	symbols = ["copyFullPayload"]

	[[versions]]
	fixed = "v2.7.0-rc.0+incompatible"

	[[additional_packages]]
	module = "github.com/docker/distribution"
	package = "github.com/docker/distribution/registry/storage"
	symbols = ["blobStore.Get"]
	[[additional_packages.versions]]
	fixed = "v2.7.0-rc.0+incompatible"

	[links]
	commit = "https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f"
	pr = "https://github.com/distribution/distribution/pull/2340"
	context = [
	"https://access.redhat.com/errata/RHSA-2017:2603",
	"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html"
	]