{"id":"CVE-2017-14388","details":"Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.","modified":"2026-04-10T03:58:51.251576Z","published":"2017-11-13T17:29:00.537Z","references":[{"type":"REPORT","url":"https://www.cloudfoundry.org/cve-2017-14388/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/grootfs","events":[{"introduced":"0"},{"last_affected":"243b25994be8786632dc5cddbf543f1b9af8cc93"},{"introduced":"0"},{"last_affected":"cb4ece0ece8dc3ac0d38c54d619e47dec1ad2b9d"},{"introduced":"0"},{"last_affected":"eda5e5183403e103b8258bef09c1423bbb872068"},{"introduced":"0"},{"last_affected":"dc1797a07a40db7ca99233394366074f6be11d8d"},{"introduced":"0"},{"last_affected":"00520d66bfb6a1546b372942f98695dbe9454d75"},{"introduced":"0"},{"last_affected":"5e6f94dd47c4d130f0553f77443f913ce4c88b25"},{"introduced":"0"},{"last_affected":"b0e579382940e6b4cd3aae93b3194c33e270ef56"},{"introduced":"0"},{"last_affected":"4cb198139be024d1ec46f47b1c3f723bb0ff645c"},{"introduced":"0"},{"last_affected":"59545e3c89a5556a98eec90fe2ef86c7372605e5"},{"introduced":"0"},{"last_affected":"9e4e6b03be7ba03d415395a117719443572f5cb3"},{"introduced":"0"},{"last_affected":"fd48c94e62292434a605035aa0ac2e1d141e3d93"},{"introduced":"0"},{"last_affected":"c87252f538560a0e0ec90220d73361787ac8fe6c"},{"introduced":"0"},{"last_affected":"316f8f2c25d839a9ebc419393abfe1c75009dbdf"},{"introduced":"0"},{"last_affected":"e1de76d65c2ca8c4ae2172a42d03a53a05dc1eee"},{"introduced":"0"},{"last_affected":"707bff0d419ef9986d1e8fbc7e9f014aef6b477d"},{"introduced":"0"},{"last_affected":"8321aac591d057e3361f72f48d1eba540a38a91c"},{"introduced":"0"},{"last_affected":"4942760515561048ae5501da04ca85f09d43f8b7"},{"introduced":"0"},{"last_affected":"9c0f6d5265b34005d49594b47e6bbbdd8c1f83eb"},{"introduced":"0"},{"last_affected":"541d3f7b1cf78a50d708691a528b16d0f7a0f600"},{"introduced":"0"},{"last_affected":"adc6df6fbce380583243993a58f5da8dc90f7a89"},{"introduced":"0"},{"last_affected":"1b6cee582d961812a0edfe1655e189335722d349"},{"introduced":"0"},{"last_affected":"c725018b0a99410974477bd2e6f220ebe37eabba"},{"introduced":"0"},{"last_affected":"fbd5f2b12d3b1a16ca301982390a1d827cea8740"},{"introduced":"0"},{"last_affected":"b0f4f42ef691e8717f692cc202ded7c1d179dc23"},{"introduced":"0"},{"last_affected":"38023b06b6c76cd41b81aeb56520b055b983a3f2"},{"introduced":"0"},{"last_affected":"a0a82fc7fb24883908692cee33ee9f978e59ced9"},{"introduced":"0"},{"last_affected":"4c92dfed6eb4b36b2e3f1e449cae0df48d32cbe0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.3.0"},{"introduced":"0"},{"last_affected":"0.4.0"},{"introduced":"0"},{"last_affected":"0.5.0"},{"introduced":"0"},{"last_affected":"0.6.0"},{"introduced":"0"},{"last_affected":"0.7.0"},{"introduced":"0"},{"last_affected":"0.8.0"},{"introduced":"0"},{"last_affected":"0.9.0"},{"introduced":"0"},{"last_affected":"0.10.0"},{"introduced":"0"},{"last_affected":"0.11.0"},{"introduced":"0"},{"last_affected":"0.12.0"},{"introduced":"0"},{"last_affected":"0.13.0"},{"introduced":"0"},{"last_affected":"0.14.0"},{"introduced":"0"},{"last_affected":"0.15.0"},{"introduced":"0"},{"last_affected":"0.16.0"},{"introduced":"0"},{"last_affected":"0.17.0"},{"introduced":"0"},{"last_affected":"0.17.1"},{"introduced":"0"},{"last_affected":"0.18.0"},{"introduced":"0"},{"last_affected":"0.19.0"},{"introduced":"0"},{"last_affected":"0.20.0"},{"introduced":"0"},{"last_affected":"0.21.0"},{"introduced":"0"},{"last_affected":"0.24.0"},{"introduced":"0"},{"last_affected":"0.25.0"},{"introduced":"0"},{"last_affected":"0.26.0"},{"introduced":"0"},{"last_affected":"0.27.0"},{"introduced":"0"},{"last_affected":"0.28.0"},{"introduced":"0"},{"last_affected":"0.28.1"},{"introduced":"0"},{"last_affected":"0.29.0"}]}}],"versions":["v0.1.0","v0.10.0","v0.11.0","v0.12.0","v0.13.0","v0.14.0","v0.15.0","v0.16.0","v0.17.0","v0.17.1","v0.18.0","v0.19.0","v0.2.0","v0.20.0","v0.21.0","v0.24.0","v0.25.0","v0.26.0","v0.27.0","v0.28.0","v0.28.1","v0.29.0","v0.3.0","v0.4.0","v0.5.0","v0.6.0","v0.7.0","v0.8.0","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14388.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}