CVE-2024-57782
📋 TL;DR
A denial-of-service vulnerability in Docker-proxy v18.09.0 allows attackers to crash or degrade the proxy service, disrupting container networking. This affects systems running the vulnerable Docker-proxy version, potentially impacting containerized applications that rely on network connectivity through the proxy.
💻 Affected Systems
- Docker-proxy
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete disruption of container networking, causing application downtime and service unavailability across all containers using the proxy.
Likely Case
Intermittent network connectivity issues for containers, degraded performance, and potential service restarts.
If Mitigated
Minimal impact with proper network segmentation and monitoring in place to detect and respond to DoS attempts.
🎯 Exploit Status
Based on CWE-400 (Uncontrolled Resource Consumption), exploitation likely involves sending crafted requests to exhaust resources. No public exploit details available in the provided reference.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Docker Engine version 18.09.1 or later
Vendor Advisory: https://docs.docker.com/engine/release-notes/
Restart Required: Yes
Instructions:
1. Stop all running containers.
2. Back up container data.
3. Update Docker Engine to version 18.09.1 or newer using your package manager.
4. Restart the Docker service.
5. Verify the update with 'docker version'.
🔧 Temporary Workarounds
Network Isolation
Restrict network access to Docker-proxy to trusted sources only:
iptables -A INPUT -p tcp --dport 2375 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 2375 -j DROP
Note: 2375 is the Docker daemon's unencrypted TCP API port rather than a docker-proxy port; docker-proxy listens on the host ports published with -p, so substitute the published port(s) and your trusted source address for 2375 and trusted_ip. Rule order matters: the ACCEPT rule must precede the DROP rule.
Resource Limits
Implement resource limits on the Docker-proxy process to mitigate resource exhaustion:
systemctl set-property docker-proxy.service CPUQuota=50%
systemctl set-property docker-proxy.service MemoryLimit=512M
Note: a standard Docker installation has no docker-proxy.service unit; dockerd spawns docker-proxy as a child process, so it runs inside the cgroup of docker.service and the properties must be set on the unit that actually contains the process. MemoryLimit is the cgroup v1 property name; on cgroup v2 systems use MemoryMax.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach Docker-proxy
- Monitor Docker-proxy resource usage and set up alerts for abnormal consumption patterns
🔍 How to Verify
Check if Vulnerable:
Check the Docker-proxy version with 'docker-proxy --version', or check the Docker Engine version with 'docker version'.
Check Version:
docker version --format '{{.Server.Version}}'
Verify Fix Applied:
Confirm that the Docker Engine version is 18.09.1 or newer with 'docker version', then test container networking to make sure published ports still work.
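The fix instructions and the verification steps both come down to one check: is the server version 18.09.1 or newer? The script below is an added example, not part of this advisory or of Docker's own tooling; it assumes only a POSIX shell and the 'docker version --format' command quoted above. Version strings are compared field by field rather than as text, because a plain string comparison would rank 18.09.10 below 18.09.2 and would stumble over suffixes such as "-ce".

```sh
#!/bin/sh
# Added example (not part of the advisory): compare a Docker Engine server
# version against the 18.09.1 fix version named in the advisory. Works in
# plain POSIX sh, so it does not depend on GNU `sort -V`.

FIX_VERSION="18.09.1"

# field_cmp X Y: exit 0 if X > Y, 1 if X < Y, 2 if equal. test(1) compares
# decimal integers, so a zero-padded "09" is read as 9, not as an octal literal
# the way $(( )) would read it.
field_cmp() {
  [ "$1" -gt "$2" ] && return 0
  [ "$1" -lt "$2" ] && return 1
  return 2
}

# version_ge A B: exit 0 when version A is at or above version B.
# Suffixes like "-ce" or "-rc1" are dropped first; missing fields count as 0,
# so "18.09" and "18.09.0" compare equal.
version_ge() {
  _a=${1%%-*}; _b=${2%%-*}
  _oifs=$IFS; IFS=.
  set -- $_a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
  set -- $_b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
  IFS=$_oifs
  for f in "$a1:$b1" "$a2:$b2" "$a3:$b3"; do
    r=0; field_cmp "${f%%:*}" "${f#*:}" || r=$?
    case $r in 0) return 0 ;; 1) return 1 ;; esac
  done
  return 0
}

# is_vulnerable VERSION: exit 0 when VERSION is below the fix version.
is_vulnerable() {
  ! version_ge "$1" "$FIX_VERSION"
}

# check_host: query the local daemon exactly as the advisory suggests.
# Returns 0 when fixed, 1 when vulnerable, 2 when the daemon cannot be queried.
check_host() {
  v=$(docker version --format '{{.Server.Version}}' 2>/dev/null) || {
    echo "could not query the Docker daemon (not installed, not running, or no permission)"
    return 2
  }
  if is_vulnerable "$v"; then
    echo "Docker Engine $v is below $FIX_VERSION: vulnerable"
    return 1
  fi
  echo "Docker Engine $v is $FIX_VERSION or newer: fixed"
}

# The live check runs only when asked for, so the functions can also be sourced.
# Usage: sh check_docker_version.sh --check-host
if [ "${1:-}" = "--check-host" ]; then
  check_host
  exit $?
fi
```

The exit status of check_host is meant for fleet scripting: run it over hosts with your configuration management tool and treat status 1 as an unpatched node and status 2 as a node that needs a manual look.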
📡 Detection & Monitoring
Log Indicators:
- Docker-proxy crash logs
- High resource consumption alerts
- Container network connectivity errors
Network Indicators:
- Unusual traffic patterns to Docker-proxy port
- Multiple connection attempts from single source
SIEM Query:
source="docker" AND ("proxy" OR "network") AND ("error" OR "crash" OR "denial")
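To make these indicators concrete, here is an added example (not part of the advisory) that applies the SIEM query's logic and the "multiple connection attempts from a single source" indicator to constructed log lines. The dockerd messages, the PROXY-IN log prefix and the addresses are all invented for the example; on a real host you would feed it journalctl output for the docker unit and the kernel log written by an iptables LOG rule placed in front of the published port.

```sh
#!/bin/sh
# Added example (not part of the advisory): run the Detection & Monitoring
# indicators over constructed sample log lines. Nothing here is a real capture;
# the messages are invented to carry the keywords the advisory lists, and the
# addresses come from the 203.0.113.0/24 documentation range.

# Constructed dockerd journal lines: two match the SIEM query (a docker source,
# a proxy/network keyword, an error/crash/denial keyword); the first is benign.
SAMPLE_DOCKER_LOG='Jan 10 10:00:01 host dockerd[812]: time="2024-01-10T10:00:01Z" level=info msg="Loading containers: done."
Jan 10 10:00:07 host dockerd[812]: time="2024-01-10T10:00:07Z" level=error msg="docker-proxy for port 8080 exited unexpectedly (crash), restarting"
Jan 10 10:00:09 host dockerd[812]: time="2024-01-10T10:00:09Z" level=error msg="network sandbox: connection reset while forwarding to container"'

# Constructed netfilter LOG lines (simplified) from a rule in front of published
# port 8080: one source opens four connections in quick succession, two others
# open one each.
SAMPLE_FW_LOG='Jan 10 10:01:00 host kernel: PROXY-IN: IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=8080 SYN
Jan 10 10:01:00 host kernel: PROXY-IN: IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=8080 SYN
Jan 10 10:01:00 host kernel: PROXY-IN: IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40003 DPT=8080 SYN
Jan 10 10:01:01 host kernel: PROXY-IN: IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40004 DPT=8080 SYN
Jan 10 10:01:02 host kernel: PROXY-IN: IN=eth0 SRC=203.0.113.20 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=8080 SYN
Jan 10 10:01:03 host kernel: PROXY-IN: IN=eth0 SRC=203.0.113.31 DST=198.51.100.10 PROTO=TCP SPT=52000 DPT=8080 SYN'

# count_proxy_errors LOG: number of lines matching the advisory's SIEM query,
# expressed as three case-insensitive greps: docker source, proxy/network
# keyword, error/crash/denial keyword.
count_proxy_errors() {
  printf '%s\n' "$1" | grep -i 'docker' | grep -Ei 'proxy|network' | grep -Eic 'error|crash|denial'
}

# noisy_sources LOG THRESHOLD: print each SRC address with more than THRESHOLD
# logged connection attempts to the published port, one per line, sorted.
noisy_sources() {
  printf '%s\n' "$1" | awk -v t="$2" '
    /DPT=/ {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^SRC=/) { src = substr($i, 5); count[src]++ }
    }
    END { for (s in count) if (count[s] > t) print s }
  ' | sort
}

# report: run both checks over the constructed samples and print the findings.
report() {
  echo "dockerd proxy/network error lines: $(count_proxy_errors "$SAMPLE_DOCKER_LOG")"
  echo "sources with more than 3 connection attempts to the published port:"
  noisy_sources "$SAMPLE_FW_LOG" 3
}

# Usage: sh proxy_detect.sh --report
if [ "${1:-}" = "--report" ]; then
  report
fi
```

On a live host, replace the samples with real input, for example count_proxy_errors "$(journalctl -u docker --since -1h)" and noisy_sources "$(journalctl -k --since -1h)" 50, and tune the threshold to the normal connection rate of the published service before alerting on it.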