Improper Initialization

CVE-2019-14271

High

9.8/10

Summary

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-665 - Improper Initialization

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References

Advisory Timeline

Published Jul 29, 2019

Improper Initialization

CVE-2019-14271

Summary

CWE-665 - Improper Initialization

References

Advisory Timeline

DustiLock

CuteBoi

OWASP ZAP