CVE-2019-1020014
MEDIUMdocker-credential-helpers <0.6.3 - Use After Free
Title source: llmDescription
docker-credential-helpers before 0.6.3 has a double free in the List functions.
References (5)
Core 5
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4103-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4103-2/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73/
Scores
CVSS v3
5.5
EPSS
0.0008
EPSS Percentile
23.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-415
Status
published
Products (5)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.04
docker/credential_helpers
< 0.6.3
fedoraproject/fedora
32
Published
Jul 29, 2019
Tracked Since
Feb 18, 2026