Vulnerability in Distribution/distribution

CVE-2023-2253

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreason…

EPSS: 0.001 (34.9th percentile)

Affected products

  • N/a Distribution/distribution — versions NA

Frequently asked questions

What is CVE-2023-2253?
CVE-2023-2253 is a vulnerability in Distribution/distribution, classified under CWE-475. Published 2023-06-06.
Is CVE-2023-2253 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.