VulnerableCode Package Details - pkg:deb/debian/docker.io@18.03.1%2Bdfsg1-2?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-eb24-pguf-ryg1	tar-split memory exhaustion Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.	CVE-2017-14992 GHSA-hqwh-8xv9-42hw
VCID-qwqe-27yu-8kds	Docker Authentication Bypass An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.	CVE-2018-12608 GHSA-qrqr-3x5j-2xw9

Vulnerability

Summary

Aliases

VCID-eb24-pguf-ryg1

tar-split memory exhaustion Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

CVE-2017-14992
GHSA-hqwh-8xv9-42hw

VCID-qwqe-27yu-8kds

Docker Authentication Bypass An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.

CVE-2018-12608
GHSA-qrqr-3x5j-2xw9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:11:12.008307+00:00	Debian Importer	Fixing	VCID-qwqe-27yu-8kds	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:58:14.972605+00:00	Debian Importer	Fixing	VCID-eb24-pguf-ryg1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:04:25.773888+00:00	Debian Importer	Fixing	VCID-qwqe-27yu-8kds	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:10:24.171293+00:00	Debian Importer	Fixing	VCID-eb24-pguf-ryg1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:17:41.709370+00:00	Debian Importer	Fixing	VCID-qwqe-27yu-8kds	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:19.616612+00:00	Debian Importer	Fixing	VCID-eb24-pguf-ryg1	https://security-tracker.debian.org/tracker/data/json	38.1.0