cvedb.io
CVE-2017-14388
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2017-11-13T17:29:00.537 · Last modified 2026-06-17T01:06:03.450

Summary

Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.

Affected products

pivotal_software — grootfs

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.