{"id":"CVE-2024-36620","details":"moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.","aliases":["GHSA-q59j-vv4j-v33c","GO-2024-3311"],"modified":"2026-04-10T05:13:54.395112Z","published":"2024-11-29T18:15:07.787Z","related":["CGA-9g36-xr6f-cp9q","openSUSE-SU-2024:14567-1"],"references":[{"type":"WEB","url":"https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48"},{"type":"ADVISORY","url":"https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2"},{"type":"FIX","url":"https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moby/moby","events":[{"introduced":"615dfdf67264ed5b08dd5e86657bf0e580731cea"},{"last_affected":"7cef0d9cd1cf221d8c0b7b7aeda69552649e0642"},{"fixed":"ab570ab3d62038b3d26f96a9bb585d0b6095b9b4"}],"database_specific":{"versions":[{"introduced":"25.0.0"},{"last_affected":"26.0.2"}]}}],"versions":["v25.0.0","v26.0.0","v26.0.0-rc1","v26.0.0-rc2","v26.0.0-rc3","v26.0.1","v26.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36620.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}