VDB

GCVE-110-MAGEIA-2016-43

GCVE-110-MAGEIA-2016-43
Advisory Published
Vulnetix · Advisory published February 5, 2016
Manipulated layer IDs could have lead to local graph poisoning (CVE-2014-8178). Manifest validation and parsing logic errors allowed pull-by-digest validation bypass (CVE-2014-8179). To fix these issues, the golang package has been updated to version 1.4.3 and the docker package has been updated to version 1.9.1.

Affected Products

VendorProductVersionsPlatforms
Mageiaclipgrab0 (affected), 3.5.6-1.mga5 (unaffected)
Mageiagolang0 (affected), 1.4.3-1.mga5 (unaffected), 0 (affected), 1.4.3-1.mga5 (unaffected)
Mageiadocker0 (affected), 1.9.1-1.mga5 (unaffected), 0 (affected), 1.9.1-1.mga5 (unaffected)

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›