Docker Engine before 19.03.11 Improper Input Validation Vulnerability


In Docker's default configuration, the container network interface is a virtual Ethernet (veth) link to the host. In this configuration, an attacker able to run a process as root in a container can exchange arbitrary packets with the host using the CAP_NET_RAW capability, which is present in the default configuration.


The information has been provided by Joel Smith

The original article can be found at:


An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.


Vulnerable Systems:

Docker Engine before 19.03.11
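
The two conditions named above (an engine older than 19.03.11 and a container holding CAP_NET_RAW) can be checked as follows. This is an added example, not code from the advisory or from Docker; the function names, verdict strings and sample CapEff masks are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real inputs would come from, for instance:
#   docker version --format '{{.Server.Version}}'
#   grep CapEff /proc/<container-init-pid>/status
FIXED_VERSION="19.03.11"   # first fixed release, per the advisory
CAP_NET_RAW_BIT=13         # CAP_NET_RAW's number in linux/capability.h

# norm N: strip leading zeros so "03" compares as 3 (empty becomes 0).
norm() {
    n=${1#"${1%%[!0]*}"}
    echo "${n:-0}"
}

# version_lt A B: succeed when dotted version A is older than B.
# Build suffixes such as "-ce" or "+dfsg1" are ignored.
version_lt() {
    a=${1%%[-+~]*}; b=${2%%[-+~]*}
    old_ifs=$IFS; IFS=.
    set -- $a; a1=$(norm "$1"); a2=$(norm "$2"); a3=$(norm "$3")
    set -- $b; b1=$(norm "$1"); b2=$(norm "$2"); b3=$(norm "$3")
    IFS=$old_ifs
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ]
    elif [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ]
    else [ "$a3" -lt "$b3" ]
    fi
}

# has_net_raw HEXMASK: succeed when the CAP_NET_RAW bit is set in a
# CapEff-style hex mask (the "CapEff:" field of /proc/<pid>/status).
has_net_raw() {
    [ $(( 0x$1 & (1 << CAP_NET_RAW_BIT) )) -ne 0 ]
}

# assess VERSION CAPEFF: print one verdict for an engine/container pair.
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "fixed-engine"
    elif has_net_raw "$2"; then
        echo "exposed"
    else
        echo "net-raw-dropped"
    fi
}

# Constructed samples: a default capability mask, then the same mask
# with NET_RAW removed (as with --cap-drop NET_RAW).
assess "19.03.8"  "00000000a80425fb"
assess "19.03.8"  "00000000a80405fb"
assess "19.03.11" "00000000a80425fb"
```
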


CVE Information:


Disclosure Timeline:
Published Date: 6/2/2020
