CVE-2024-36623

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36623
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29 Third Party Advisory
https://github.com/moby/moby/blob/v25.0.3/pkg/streamformatter/streamformatter.go#L115 Product
https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb Patch
https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
History

02 Jul 2025, 20:36

Type Values Removed Values Added
References () https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29 - () https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29 - Third Party Advisory
References () https://github.com/moby/moby/blob/v25.0.3/pkg/streamformatter/streamformatter.go#L115 - () https://github.com/moby/moby/blob/v25.0.3/pkg/streamformatter/streamformatter.go#L115 - Product
References () https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb - () https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb - Patch
References () https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8 - () https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8 - Patch
First Time Mobyproject
Mobyproject moby
CPE cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*

01 May 2025, 14:15

Type Values Removed Values Added
Summary (en) moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. (en) moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
References
  • () https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8 -

04 Dec 2024, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1
Summary
  • (es) moby v25.0.3 tiene una vulnerabilidad de condición de ejecución en el paquete streamformatter que puede usarse para activar múltiples operaciones de escritura simultáneas que resulten en corrupción de datos o fallos de la aplicación.
CWE CWE-362

29 Nov 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-29 18:15

Updated : 2025-07-02 20:36

NVD link : CVE-2024-36623

Mitre link : CVE-2024-36623

CVE.ORG link : CVE-2024-36623

JSON object : View

Products Affected

mobyproject

  • moby
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')