CVE-2023-2253 Information

Description

A flaw was found in the /v2/_catalog endpoint in distribution/distribution which accepts a parameter to control the maximum number of records returned (query string: n). This vulnerability allows a malicious user to submit an unreasonably large value for n causing the allocation of a massive string array possibly causing a denial of service through excessive use of memory.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2189886