CVE-2019-14271

Publication date 29 July 2019

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

Read the notes from the security team

Status

Package Ubuntu Release Status
docker.io 19.04 disco
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release

Notes

ebarretto

According to upstream, it only affects v19.03.0.

Severity score breakdown

CVSS version: CVSS v3.0

Base score 9.8 · Critical

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Other references

Access our resources on patching vulnerabilities