| |
Vulnerability CVE-2023-2253
Published: 2023-06-06
| Description: |
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory. |
References: |
https://bugzilla.redhat.com/show_bug.cgi?id=2189886
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
