Launchpad CVE tracker

CVE 2023-2253

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.

Related bugs and status

CVE-2023-2253 (Candidate) is related to these bugs:

Bug #2019532: Sync docker-registry 2.8.2+ds1-1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	2019532	Sync docker-registry 2.8.2+ds1-1 (universe) from Debian unstable (main)		docker-registry (Ubuntu)	Undecided	Fix Released

Bug #2022018: [Debian] High CVE: CVE-2023-2253: docker-registry: denial of service by a crafted malicious

Summary				In	Importance	Status
	2022018	[Debian] High CVE: CVE-2023-2253: docker-registry: denial of service by a crafted malicious		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2023-2253

Related bugs and status

Related bugs

References