x/vulndb: potential Go vuln in github.com/docker/engine: CVE-2018-20699

[tatianab]

CVE-2018-20699 references github.com/docker/engine, which may be a Go module.

Description:
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2018-20699
• fix: [18.09] backport fix denial of service with large numbers in cpuset-cpus and cpuset-mems docker-archive/engine#70
• fix: Fix denial of service with large numbers in cpuset-cpus and cpuset-mems moby/moby#37967
• web: https://access.redhat.com/errata/RHSA-2019:0487
• Imported by: https://pkg.go.dev/github.com/docker/engine?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/docker/engine
      vulnerable_at: 1.13.1
      packages:
        - package: n/a
cves:
    - CVE-2018-20699
references:
    - fix: https://github.com/docker/engine/pull/70
    - fix: https://github.com/moby/moby/pull/37967
    - web: https://access.redhat.com/errata/RHSA-2019:0487

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports