{"id":"CVE-2017-11468","details":"Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.","aliases":["GHSA-h62f-wm92-2cmw","GO-2021-0072"],"modified":"2026-03-14T09:21:49.965975Z","published":"2017-07-20T23:29:00.187Z","related":["SUSE-SU-2018:0865-1","openSUSE-SU-2020:1433-1","openSUSE-SU-2024:10723-1","openSUSE-SU-2024:12135-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2603"},{"type":"ADVISORY","url":"https://github.com/docker/distribution/pull/2340"},{"type":"ADVISORY","url":"https://github.com/docker/distribution/releases/tag/v2.6.2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/distribution/distribution","events":[{"introduced":"0"},{"last_affected":"a25b9ef0c9fe242ac04bb20d3a028442b7d266b6"},{"fixed":"48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.1"}]}}],"versions":["docs-v2.4.1-2016-06-28","v2.0.0","v2.0.0-alpha.0","v2.0.0-alpha.1","v2.0.0-alpha.2","v2.0.0-alpha.3","v2.0.0-rc.0","v2.0.0-rc.1","v2.0.0-rc.2","v2.0.0-rc.3","v2.0.0-rc.4","v2.1.0","v2.1.0-rc.0","v2.1.1","v2.2.0","v2.2.1","v2.3.0-alpha","v2.3.0-rc.0","v2.3.0-rc.1","v2.3.0-rc.2","v2.4.0-rc.1","v2.5.0-rc.1","v2.6.0","v2.6.0-rc.1","v2.6.0-rc.2","v2.6.1","v2.6.1-rc.1","v2.6.1-rc.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11468.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}