VulnerableCode Package Details - pkg:deb/debian/docker.io@20.10.3%2Bdfsg1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-gund-83cy-9fap	moby Access to remapped root allows privilege escalation to real root ### Impact When using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files with extended privileges. ### Patches Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. ### Credits Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to security@docker.com	CVE-2021-21284 GHSA-7452-xqpj-6rpc
VCID-uckr-kzdf-7ydj	moby docker daemon crash during image pull of malicious image ### Impact Pulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon. ### Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. ### Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.	CVE-2021-21285 GHSA-6fj5-m822-rqx8

Vulnerability

Summary

Aliases

VCID-gund-83cy-9fap

moby Access to remapped root allows privilege escalation to real root ### Impact When using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files with extended privileges. ### Patches Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. ### Credits Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to security@docker.com

CVE-2021-21284
GHSA-7452-xqpj-6rpc

VCID-uckr-kzdf-7ydj

moby docker daemon crash during image pull of malicious image ### Impact Pulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon. ### Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. ### Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.

CVE-2021-21285
GHSA-6fj5-m822-rqx8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:01:06.524296+00:00	Debian Importer	Fixing	VCID-uckr-kzdf-7ydj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:13.477746+00:00	Debian Importer	Fixing	VCID-gund-83cy-9fap	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:56:46.129208+00:00	Debian Importer	Fixing	VCID-uckr-kzdf-7ydj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:54:55.123435+00:00	Debian Importer	Fixing	VCID-gund-83cy-9fap	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:16:59.873651+00:00	Debian Importer	Fixing	VCID-uckr-kzdf-7ydj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:02:47.531249+00:00	Debian Importer	Fixing	VCID-gund-83cy-9fap	https://security-tracker.debian.org/tracker/data/json	38.1.0