{"id":"CVE-2018-15514","details":"HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\\\.\\pipe\\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the \"docker-users\" group (who may not otherwise have administrator access) to escalate to administrator privileges.","modified":"2026-04-10T04:06:16.194773Z","published":"2018-09-01T01:29:00.233Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105202"},{"type":"ADVISORY","url":"https://docs.docker.com/docker-for-windows/edge-release-notes/"},{"type":"ADVISORY","url":"https://docs.docker.com/docker-for-windows/release-notes/"},{"type":"EVIDENCE","url":"https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/docker/docker","events":[{"introduced":"0"},{"last_affected":"4dc5990d7565a4a15d641bc6a0bc50a02cfcf302"},{"introduced":"0"},{"last_affected":"8eab29edd820017901796eb60d4bea28d760f16f"},{"introduced":"0"},{"last_affected":"23cf638307f030cd8d48c9efc21feec18a6f88f8"},{"introduced":"0"},{"last_affected":"6b644ecc1977c479212676757bff05664fcb655a"},{"introduced":"0"},{"last_affected":"7392c3b0ce0f9d3e918a321c66668c5d1ef4f689"},{"introduced":"0"},{"last_affected":"49bf474f9ed7ce7143a59d1964ff7b7fd9b52178"},{"introduced":"0"},{"last_affected":"092cba3727bb9b4a2f0e922cd6c0f93ea270e363"},{"introduced":"0"},{"last_affected":"60ccb2265b0574d6c1c1090876a1d1ab32bed60e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.11.0"},{"introduced":"0"},{"last_affected":"1.12.0"},{"introduced":"0"},{"last_affected":"1.12.1"},{"introduced":"0"},{"last_affected":"1.12.3"},{"introduced":"0"},{"last_affected":"1.12.5"},{"introduced":"0"},{"last_affected":"1.13.0"},{"introduced":"0"},{"last_affected":"1.13.1"},{"introduced":"0"},{"last_affected":"17.03.0"}]}}],"versions":["0.0.3","docs-v1.12.0-rc4-2016-07-15","upstream/0.1.2","upstream/0.1.3","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.2.0","v0.2.1","v0.2.2","v0.3.0","v0.3.1","v0.3.2","v0.4.1","v0.4.2","v0.4.4","v0.4.5","v0.4.7","v0.5.0","v0.6.5","v0.7.0","v0.7.1","v0.7.2","v1.11.0","v1.12.0","v1.12.0-rc1","v1.12.0-rc2","v1.12.0-rc4","v1.12.0-rc5","v1.12.1","v1.12.1-rc1","v1.12.1-rc2","v1.12.2","v1.12.2-rc1","v1.12.2-rc2","v1.12.2-rc3","v1.12.3","v1.12.3-rc1","v1.12.4","v1.12.4-rc1","v1.12.5","v1.12.5-rc1","v1.13.0","v1.13.0-rc1","v1.13.0-rc2","v1.13.0-rc3","v1.13.0-rc4","v1.13.0-rc5","v1.13.0-rc6","v1.13.0-rc7","v1.13.1","v1.13.1-rc1","v1.13.1-rc2","v17.03.0-ce","v17.03.0-ce-rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.10.0.0-0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.1.42-1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.2.12"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.2.14"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.0-beta10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.0-beta7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.0-beta8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.0-beta9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.1-beta11"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.1-beta11b"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.1-beta12"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.1-beta13"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.1-beta14"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.2-beta15"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.0-beta21"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.0-beta22"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.0-rc2\\-beta16"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.0-rc2\\-beta17"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.0-rc3\\-beta18"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.0-rc3\\-beta18\\.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.0-rc4\\-beta19"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.0-rc4\\-beta20"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.1-beta24"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.1-beta25"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.1-beta26"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.1-beta29\\.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.1-rc1\\-beta23"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.2-beta29\\.2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.2-rc1\\-beta27"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.2-rc3\\-beta28"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.3-beta29\\.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.3-beta30"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.3-rc1\\-beta29"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-beta38"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-beta39"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-rc2\\-beta31"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-rc3\\-beta32"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-rc3\\-beta32\\.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-rc3\\-beta33"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-rc4\\-beta34"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-rc5\\-beta35"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-rc6\\-beta36"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.0-rc7\\-beta37"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.1-rc1\\-beta40"}]},{"events":[{"introduced":"0"},{"last_affected":"1.13.1-rc2\\-beta41"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0.4-win7"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0.5-win9"}]},{"events":[{"introduced":"0"},{"last_affected":"17.03.0-rc1\\-win1"}]},{"events":[{"introduced":"0"},{"last_affected":"17.03.1-win12"}]},{"events":[{"introduced":"0"},{"last_affected":"17.04.0-win6"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.0-win13"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.0-win14"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.0-win15"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.0-win16"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.0-win17"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.0-win18"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.1-rc1\\-win20"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.1-rc1\\-win24"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-win27"}]},{"events":[{"introduced":"0"},{"last_affected":"17.07.0-rc1\\-win21"}]},{"events":[{"introduced":"0"},{"last_affected":"17.07.0-rc2\\-win22"}]},{"events":[{"introduced":"0"},{"last_affected":"17.07.0-rc3\\-win23"}]},{"events":[{"introduced":"0"},{"last_affected":"17.07.0-rc4\\-win25"}]},{"events":[{"introduced":"0"},{"last_affected":"17.07.0-win26"}]},{"events":[{"introduced":"0"},{"last_affected":"17.09.0-rc1\\-win28"}]},{"events":[{"introduced":"0"},{"last_affected":"17.09.0-rc2\\-win29"}]},{"events":[{"introduced":"0"},{"last_affected":"17.09.0-rc3\\-win30"}]},{"events":[{"introduced":"0"},{"last_affected":"17.09.0-win31"}]},{"events":[{"introduced":"0"},{"last_affected":"17.09.0-win32"}]},{"events":[{"introduced":"0"},{"last_affected":"17.09.0-win33"}]},{"events":[{"introduced":"0"},{"last_affected":"17.09.0-win34"}]},{"events":[{"introduced":"0"},{"last_affected":"17.09.1-win42"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10.0-win36"}]},{"events":[{"introduced":"0"},{"last_affected":"17.11.0-rc2\\-win37"}]},{"events":[{"introduced":"0"},{"last_affected":"17.11.0-rc3\\-win38"}]},{"events":[{"introduced":"0"},{"last_affected":"17.11.0-rc4\\-win39"}]},{"events":[{"introduced":"0"},{"last_affected":"17.11.0-win40"}]},{"events":[{"introduced":"0"},{"last_affected":"17.12.0-rc2\\-win41"}]},{"events":[{"introduced":"0"},{"last_affected":"17.12.0-rc3\\-win43"}]},{"events":[{"introduced":"0"},{"last_affected":"17.12.0-rc4\\-win44"}]},{"events":[{"introduced":"0"},{"last_affected":"17.12.0-win45"}]},{"events":[{"introduced":"0"},{"last_affected":"17.12.0-win46"}]},{"events":[{"introduced":"0"},{"last_affected":"17.12.0-win47"}]},{"events":[{"introduced":"0"},{"last_affected":"18.01.0-win48"}]},{"events":[{"introduced":"0"},{"last_affected":"18.02.0-rc1\\-win50"}]},{"events":[{"introduced":"0"},{"last_affected":"18.02.0-rc2\\-win51"}]},{"events":[{"introduced":"0"},{"last_affected":"18.02.0-win52"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.0-rc3\\-win56"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.0-win58"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.0-win59"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-win65"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04.0-rc2\\-win61"}]},{"events":[{"introduced":"0"},{"last_affected":"18.05.0-rc1\\-win63"}]},{"events":[{"introduced":"0"},{"last_affected":"18.05.0-win66"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15514.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}