CVE-2021-21285 : What You Need to Know

CVE-2021-21285 affects Docker versions before 19.03.15, and versions from 20.0.0 up to but not including 20.10.3. Learn about the impact, technical details, and mitigation steps for this vulnerability.

A vulnerability in Docker versions < 19.03.15 and >= 20.0.0, < 20.10.3 allows an attacker to crash the dockerd daemon by pulling a malformed Docker image manifest. Versions 20.10.3 and 19.03.15 contain patches that prevent this crash.

Understanding CVE-2021-21285

This CVE highlights a vulnerability in Docker that can lead to a denial of service condition due to a crash in the dockerd daemon.

What is CVE-2021-21285?

CVE-2021-21285 is a vulnerability in specific versions of Docker that allows a malicious Docker image manifest to crash the dockerd daemon.

The Impact of CVE-2021-21285

The impact of this vulnerability is medium with a CVSS base score of 6.5. An attacker can exploit this flaw to cause a denial of service by crashing the dockerd daemon.

Technical Details of CVE-2021-21285

This section covers the technical aspects of the vulnerability.

Vulnerability Description

The vulnerability arises from pulling a specially crafted Docker image manifest that causes the dockerd daemon to crash.

Affected Systems and Versions

Two version ranges of Docker are affected: versions before 19.03.15, and versions from 20.0.0 up to but not including 20.10.3.

Exploitation Mechanism

Exploitation requires the dockerd daemon to pull an image whose manifest has been crafted to crash it.

Mitigation and Prevention

To protect your system from CVE-2021-21285, follow the mitigation strategies below.

Immediate Steps to Take

Update Docker to version 20.10.3 or 19.03.15 to apply the patches that prevent the daemon crash.
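
To check whether a host still needs this update, the affected ranges listed in this advisory can be tested in a short script. This is an added example, not code from Docker or from the original advisory; the function names docker_ver_key and cve_2021_21285_status are hypothetical, and distribution suffixes such as -ce are ignored in the comparison.

```shell
#!/bin/sh
# Added example: classify a Docker Engine version against the ranges this
# advisory gives for CVE-2021-21285:
#   affected:  < 19.03.15, or >= 20.0.0 and < 20.10.3

# Turn "MAJOR.MINOR.PATCH[suffix]" into one comparable integer,
# e.g. 19.03.15 -> 19003015. awk reads "03" as decimal 3, so zero-padded
# fields are handled; anything after the numeric patch level is dropped.
docker_ver_key() {
    printf '%s\n' "$1" | awk -F. '{
        sub(/[^0-9].*$/, "", $3)
        printf "%d%03d%03d\n", $1, $2, $3
    }'
}

# Print "affected", "not-affected" or "unknown" for one version string.
cve_2021_21285_status() {
    case $1 in
        [0-9]*.[0-9]*.[0-9]*) ;;          # needs three dotted fields
        *) echo unknown; return 0 ;;
    esac
    key=$(docker_ver_key "$1")
    if [ "$key" -lt 19003015 ]; then
        echo affected
    elif [ "$key" -ge 20000000 ] && [ "$key" -lt 20010003 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# With arguments: classify each version given on the command line.
# Without arguments: ask the local daemon. Server.Version is the dockerd
# version, which is the component this CVE concerns.
if [ "$#" -eq 0 ] && command -v docker >/dev/null 2>&1; then
    set -- "$(docker version --format '{{.Server.Version}}' 2>/dev/null || true)"
fi
for v in "$@"; do
    printf '%s: %s\n' "${v:-<no daemon response>}" "$(cve_2021_21285_status "$v")"
done
```

A result of "unknown" means the version string could not be read, for example because the daemon is not running, and the host should be checked by hand.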

Long-Term Security Practices

Regularly update Docker to the latest versions and monitor security advisories for any new vulnerabilities.

Patching and Updates

Install security patches promptly and ensure that Docker is always up to date to mitigate potential risks.
