Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Fri, 14 Oct 2016 02:53:13 +0000
From: 张开翔 <>
To: "" <>
Subject: docker2aci: infinite loop in deps walking(CVE-2016-8579)


It was found that docker2aci falls into an infinite loop while traversing the dependency ancestry of a malformed image file.
This flaw may cause excessive CPU cycles and resource consumption on the host. It happens because there is no essential check for a duplicated
image ID in getAncestry() in docker2aci.
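The following is an added illustration, not code from docker2aci or from the reporter: a minimal ancestry walk in Go over a constructed map of layer metadata, written the way a hardened getAncestry() would be. The names imageMeta, getAncestrySafe, ErrAncestryCycle and ErrMissingParent are assumptions for this example. The walk records every image ID it has visited and returns an error on the first repeat, so a parent chain that loops back on itself (the malformed-image case described above) terminates immediately instead of spinning forever; a parent ID that does not resolve is reported rather than being treated as the root.

```go
package main

import (
	"errors"
	"fmt"
)

// imageMeta is a constructed stand-in for the per-layer metadata a converter
// reads from a saved image: each layer names its parent by ID ("" = root).
type imageMeta struct {
	ID     string
	Parent string
}

// Sentinel errors so callers can distinguish the two failure modes.
var (
	ErrAncestryCycle = errors.New("image ancestry contains a cycle")
	ErrMissingParent = errors.New("image ancestry references an unknown parent")
)

// getAncestrySafe walks from imageID up to the root and returns the chain of
// IDs, child first. Every visited ID is recorded in `seen`; encountering an ID
// a second time means the parent pointers form a loop, and the walk stops with
// ErrAncestryCycle instead of looping indefinitely. An unchecked walk would
// simply follow Parent until it became "", which never happens in a cycle.
func getAncestrySafe(images map[string]imageMeta, imageID string) ([]string, error) {
	var chain []string
	seen := make(map[string]bool)
	cur := imageID
	for cur != "" {
		if seen[cur] {
			return chain, fmt.Errorf("%w: %q already visited", ErrAncestryCycle, cur)
		}
		seen[cur] = true
		meta, ok := images[cur]
		if !ok {
			return chain, fmt.Errorf("%w: %q", ErrMissingParent, cur)
		}
		chain = append(chain, cur)
		cur = meta.Parent
	}
	return chain, nil
}

func main() {
	// Constructed well-formed image: three layers ending at a root.
	good := map[string]imageMeta{
		"c": {ID: "c", Parent: "b"},
		"b": {ID: "b", Parent: "a"},
		"a": {ID: "a", Parent: ""},
	}
	// Constructed malformed image: the "root" layer points back at "c".
	bad := map[string]imageMeta{
		"c": {ID: "c", Parent: "b"},
		"b": {ID: "b", Parent: "a"},
		"a": {ID: "a", Parent: "c"},
	}
	fmt.Println(getAncestrySafe(good, "c")) // [c b a] <nil>
	fmt.Println(getAncestrySafe(bad, "c"))  // [c b a] image ancestry contains a cycle: "c" already visited
}
```

The visited set costs one map entry per layer, which is negligible next to the layer data itself; an equivalent cheaper guard is a hard cap on chain length, but the set gives a precise error message naming the offending ID, which is what an operator wants in a log when an untrusted image is rejected.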

CVE-2016-8579 was assigned to this flaw by <>. Here is the reply from the CVE Assignment Team:

docker2aci is apparently a library [...] and we almost always recognize
the potential for an unattended use case for any library.

Someone can call the ConvertSavedFile function from an arbitrary
application. [...] It might be automated with cron or a similar unattended
tool that runs in an unrestricted (non-container) environment. Thus,
there is an availability impact because no human is around to notice
the CPU usage.

Use CVE-2016-8579.


Please, use it in the public communications regarding this flaw.

Best regards,

Kaixiang Zhang of Gear Team, Qihoo 360
