{"id":"CVE-2017-14992","details":"Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.","aliases":["GHSA-hqwh-8xv9-42hw","GO-2025-3640"],"modified":"2026-03-12T22:35:35.656641Z","published":"2017-11-01T17:29:00.277Z","related":["MGASA-2018-0398","SUSE-SU-2018:0386-1","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","openSUSE-SU-2024:10722-1","openSUSE-SU-2024:11385-1","openSUSE-SU-2025:15033-1","openSUSE-SU-2025:15589-1"],"references":[{"type":"ADVISORY","url":"https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/"},{"type":"REPORT","url":"https://github.com/moby/moby/issues/35075"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/docker/docker","events":[{"introduced":"0"},{"last_affected":"20f81dde9bd97c86b2d0e33bbbf1388018611929"},{"introduced":"0"},{"last_affected":"60ccb2265b0574d6c1c1090876a1d1ab32bed60e"},{"introduced":"0"},{"last_affected":"c6d412e329c85f32a4b2269b49aaa0794affcf88"},{"introduced":"0"},{"last_affected":"f5ec1e2936dcbe7b5001c2b817188b095c700c27"},{"introduced":"0"},{"last_affected":"9c5bb024df387b67bb07251265394b87c18014e4"},{"introduced":"0"},{"last_affected":"9ae42ade4abd3cf2c57c475c2e800bb3a1a62158"},{"introduced":"0"},{"last_affected":"5f70730d579a1c9d48a2d4259f57fb698960baf4"},{"introduced":"0"},{"last_affected":"91437e70a02d6292a9e706378df34a67d5f7371e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.10.3"},{"introduced":"0"},{"last_affected":"17.03.0"},{"introduced":"0"},{"last_affected":"17.03.1"},{"introduced":"0"},{"last_affected":"17.03.2"},{"introduced":"0"},{"last_affected":"17.06.0"},{"introduced":"0"},{"last_affected":"17.06.1"},{"introduced":"0"},{"last_affected":"17.06.2"},{"introduced":"0"},{"last_affected":"17.09.0"}]}}],"versions":["0.0.3","autorun/1","docs-v1.12.0-rc4-2016-07-15","upstream/0.1.1","upstream/0.1.2","upstream/0.1.3","upstream/0.1.4","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.10.0","v0.11.0","v0.11.1","v0.12.0","v0.2.0","v0.2.1","v0.2.2","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.4.6","v0.4.7","v0.4.8","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.6.0","v0.6.1","v0.6.2","v0.6.3","v0.6.4","v0.6.5","v0.6.6","v0.6.7","v0.7.0","v0.7.0-rc5","v0.7.0-rc6","v0.7.1","v0.7.2","v0.7.3","v0.7.4","v0.7.5","v0.7.6","v0.8.0","v0.8.1","v0.9.0","v1.0.0","v1.0.1","v1.1.0","v1.1.1","v1.1.2","v1.13.0","v1.13.0-rc1","v1.13.0-rc2","v1.13.0-rc3","v1.13.0-rc4","v1.13.0-rc5","v1.13.0-rc6","v1.13.0-rc7","v1.13.1","v1.13.1-rc1","v1.13.1-rc2","v1.2.0","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.4.0","v1.4.1","v17.03.0-ce","v17.03.0-ce-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14992.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.12.6-0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}