CVE-2023-40453

MEDIUM

Docker Machine < 0.16.2 - Denial of Service

Title source: rule

Description

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References (3)

[Release Notes] https://github.com/docker/machine/releases

[Exploit, Third Party Advisory] https://hackerone.com/reports/1916285

[Exploit, Third Party Advisory] https://vin01.github.io/piptagole/docker/security/gitlab/docker-machine/2023/07/07/docker-machine-attack-surface.html

Scores

CVSS v3 6.5

EPSS 0.0042

EPSS Percentile 61.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-116

Status published

Products (1)

docker/machine < 0.16.2

Published Nov 07, 2023

Tracked Since Feb 18, 2026