CVE-2020-1702 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-1702 Interim 1 4 2025-02-17T01:44:29Z current 2023-10-31T00:40:31Z 2025-02-17T01:44:29Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-1702 A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d cockpit-podman-12-1.module+el8.2.0+5950+6d183a6a conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4 container-selinux-2.124.0-1.module+el8.2.0+5182+3136e5d4 containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9 containers-common-0.1.40-10.module+el8.2.0+5955+6cd70ceb crit-3.12-9.module+el8.2.0+5029+3ac48e7d criu-3.12-9.module+el8.2.0+5029+3ac48e7d fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d podman-1.6.4-10.module+el8.2.0+6063+e761893a podman-docker-1.6.4-10.module+el8.2.0+6063+e761893a podman-remote-1.6.4-10.module+el8.2.0+6063+e761893a podman-tests-1.6.4-10.module+el8.2.0+6063+e761893a python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9 python3-criu-3.12-9.module+el8.2.0+5029+3ac48e7d runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb skopeo-tests-0.1.40-10.module+el8.2.0+5955+6cd70ceb slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d toolbox-0.0.7-1.module+el8.2.0+6096+9c3f08f3 udica-0.2.1-2.module+el8.2.0+4896+8f613c81 buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d as a component of SUSE Liberty Linux 8 buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d as a component of SUSE Liberty Linux 8 cockpit-podman-12-1.module+el8.2.0+5950+6d183a6a as a component of SUSE Liberty Linux 8 conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4 as a component of SUSE Liberty Linux 8 container-selinux-2.124.0-1.module+el8.2.0+5182+3136e5d4 as a component of SUSE Liberty Linux 8 containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9 as a component of SUSE Liberty Linux 8 containers-common-0.1.40-10.module+el8.2.0+5955+6cd70ceb as a component of SUSE Liberty Linux 8 crit-3.12-9.module+el8.2.0+5029+3ac48e7d as a component of SUSE Liberty Linux 8 criu-3.12-9.module+el8.2.0+5029+3ac48e7d as a component of SUSE Liberty Linux 8 fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d as a component of SUSE Liberty Linux 8 podman-1.6.4-10.module+el8.2.0+6063+e761893a as a component of SUSE Liberty Linux 8 podman-docker-1.6.4-10.module+el8.2.0+6063+e761893a as a component of SUSE Liberty Linux 8 podman-remote-1.6.4-10.module+el8.2.0+6063+e761893a as a component of SUSE Liberty Linux 8 podman-tests-1.6.4-10.module+el8.2.0+6063+e761893a as a component of SUSE Liberty Linux 8 python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9 as a component of SUSE Liberty Linux 8 python3-criu-3.12-9.module+el8.2.0+5029+3ac48e7d as a component of SUSE Liberty Linux 8 runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb as a component of SUSE Liberty Linux 8 skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb as a component of SUSE Liberty Linux 8 skopeo-tests-0.1.40-10.module+el8.2.0+5955+6cd70ceb as a component of SUSE Liberty Linux 8 slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d as a component of SUSE Liberty Linux 8 toolbox-0.0.7-1.module+el8.2.0+6096+9c3f08f3 as a component of SUSE Liberty Linux 8 udica-0.2.1-2.module+el8.2.0+4896+8f613c81 as a component of SUSE Liberty Linux 8 A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0. CVE-2020-1702 SUSE Liberty Linux 8:buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d SUSE Liberty Linux 8:buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d SUSE Liberty Linux 8:cockpit-podman-12-1.module+el8.2.0+5950+6d183a6a SUSE Liberty Linux 8:conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4 SUSE Liberty Linux 8:container-selinux-2.124.0-1.module+el8.2.0+5182+3136e5d4 SUSE Liberty Linux 8:containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9 SUSE Liberty Linux 8:containers-common-0.1.40-10.module+el8.2.0+5955+6cd70ceb SUSE Liberty Linux 8:crit-3.12-9.module+el8.2.0+5029+3ac48e7d SUSE Liberty Linux 8:criu-3.12-9.module+el8.2.0+5029+3ac48e7d SUSE Liberty Linux 8:fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d SUSE Liberty Linux 8:podman-1.6.4-10.module+el8.2.0+6063+e761893a SUSE Liberty Linux 8:podman-docker-1.6.4-10.module+el8.2.0+6063+e761893a SUSE Liberty Linux 8:podman-remote-1.6.4-10.module+el8.2.0+6063+e761893a SUSE Liberty Linux 8:podman-tests-1.6.4-10.module+el8.2.0+6063+e761893a SUSE Liberty Linux 8:python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9 SUSE Liberty Linux 8:python3-criu-3.12-9.module+el8.2.0+5029+3ac48e7d SUSE Liberty Linux 8:runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb SUSE Liberty Linux 8:skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb SUSE Liberty Linux 8:skopeo-tests-0.1.40-10.module+el8.2.0+5955+6cd70ceb SUSE Liberty Linux 8:slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d SUSE Liberty Linux 8:toolbox-0.0.7-1.module+el8.2.0+6096+9c3f08f3 SUSE Liberty Linux 8:udica-0.2.1-2.module+el8.2.0+4896+8f613c81 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L