
10 vulnerabilities found for iSulad by openEuler

CVE-2021-33632 (GCVE-0-2021-33632)

Vulnerability from nvd – Published: 2024-03-25 06:59 – Updated: 2024-08-03 23:58
Title
TOCTOU Race Condition problem in iSulad
Summary
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions (CAPEC-29). This vulnerability is associated with the program file https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad/main.c. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.
CWE
  • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
openEuler
Impacted products
Vendor Product Version
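openEuler iSulad Affected: 2.0.18-13
Affected: 2.1.4-1 , ≤ 2.1.4-2 (git)
Note: the CISA-ADP CPE entries in the record below name the product "isula" rather than "isulad", so CPE-based matching should account for both spellings.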
Credits
dbearzhu@huawei.com

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openeuler:isula:2.0.18-13:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "isula",
            "vendor": "openeuler",
            "versions": [
              {
                "status": "affected",
                "version": "2.0.18-13"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:openeuler:isula:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "isula",
            "vendor": "openeuler",
            "versions": [
              {
                "lessThanOrEqual": "2.1.4-2",
                "status": "affected",
                "version": "2.1.4-1",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33632",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T19:14:49.794932Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:19:38.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:21.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/645"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/640"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/639"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/openeuler",
          "defaultStatus": "unaffected",
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad/main.c"
          ],
          "repo": "https://gitee.com/openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.18-13"
            },
            {
              "changes": [
                {
                  "at": "7cb6c860e9b56def7667096351cabf793dc5645a upgrade from upstream",
                  "status": "unaffected"
                },
                {
                  "at": "317841cf45d60159c14df77c2167a6ddcf673061 upgrade from upstream",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.1.4-2",
              "status": "affected",
              "version": "2.1.4-1",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "dbearzhu@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.\u003c/p\u003e"
            }
          ],
          "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C.\n\nThis issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-29",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T06:59:53.586Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"
        },
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"
        },
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"
        },
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/645"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/640"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/639"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "TOCTOU Race Condition problem in iSulad",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33632",
    "datePublished": "2024-03-25T06:59:42.307Z",
    "dateReserved": "2021-05-28T14:26:05.941Z",
    "dateUpdated": "2024-08-03T23:58:21.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33638 (GCVE-0-2021-33638)

Vulnerability from nvd – Published: 2023-10-29 07:59 – Updated: 2024-09-09 14:09
Title
Run copy with container in a malicious directory may cause container escaping
Summary
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.
CWE
  • CWE-665 - Improper Initialization
Assigner
openEuler
Impacted products
Vendor Product Version
openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
Credits
panwenjie2@huawei.com

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:22.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33638",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:09:31.917709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:09:44.635Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/src-openeuler",
          "defaultStatus": "unaffected",
          "modules": [
            "image"
          ],
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
          ],
          "repo": "https://gitee.com/src-openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                  "status": "unaffected"
                },
                {
                  "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "panwenjie2@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"
            }
          ],
          "value": "\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-480",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-480 Escaping Virtualization"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665 Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-29T07:59:45.026Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Run copy with container in a malicious directory may cause container escaping",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33638",
    "datePublished": "2023-10-29T07:59:45.026Z",
    "dateReserved": "2021-05-28T14:26:05.943Z",
    "dateUpdated": "2024-09-09T14:09:44.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33637 (GCVE-0-2021-33637)

Vulnerability from nvd – Published: 2023-10-29 07:58 – Updated: 2024-09-09 14:10
Title
Export container in a malicious directory may cause process to be hijacked
Summary
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.
CWE
  • CWE-665 - Improper Initialization
Assigner
openEuler
Impacted products
Vendor Product Version
openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
Credits
panwenjie2@huawei.com

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:21.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:10:22.389662Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:10:35.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/src-openeuler",
          "defaultStatus": "unaffected",
          "modules": [
            "image"
          ],
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
          ],
          "repo": "https://gitee.com/src-openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                  "status": "unaffected"
                },
                {
                  "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "panwenjie2@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.\n\n"
            }
          ],
          "value": "\nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-234",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-234 Hijacking a privileged process"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665 Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-29T07:58:55.220Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Export container in a malicious directory may cause process to be hijacked",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33637",
    "datePublished": "2023-10-29T07:58:55.220Z",
    "dateReserved": "2021-05-28T14:26:05.942Z",
    "dateUpdated": "2024-09-09T14:10:35.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33636 (GCVE-0-2021-33636)

Vulnerability from nvd – Published: 2023-10-29 07:58 – Updated: 2024-09-09 14:15
Title
Load malicious images may cause process to be hijacked
Summary
When the isula load command is used to load malicious images, attackers can execute arbitrary code.
CWE
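  • CWE-665 - Improper Initialization (CNA-assigned; the CISA-ADP container in the record below additionally lists CWE-94, Code Injection)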
Assigner
openEuler
Impacted products
Vendor Product Version
openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
Credits
panwenjie2@huawei.com

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:22.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openeuler:isulad:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "isulad",
            "vendor": "openeuler",
            "versions": [
              {
                "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:11:00.313285Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:15:38.166Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/src-openeuler",
          "defaultStatus": "unaffected",
          "modules": [
            "image"
          ],
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
          ],
          "repo": "https://gitee.com/src-openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                  "status": "unaffected"
                },
                {
                  "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "panwenjie2@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.\n\n"
            }
          ],
          "value": "\nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-234",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-234 Hijacking a privileged process"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665 Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-29T07:58:05.033Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Load malicious images may cause process to be hijacked",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33636",
    "datePublished": "2023-10-29T07:58:05.033Z",
    "dateReserved": "2021-05-28T14:26:05.942Z",
    "dateUpdated": "2024-09-09T14:15:38.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33635 (GCVE-0-2021-33635)

Vulnerability from nvd – Published: 2023-10-29 07:56 – Updated: 2024-09-09 14:20
Title
Pull malicious images may cause process to be hijacked
Summary
When malicious images are pulled by isula pull, attackers can execute arbitrary code.
CWE
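  • CWE-665 - Improper Initialization (CNA-assigned; the CISA-ADP container in the record below additionally lists CWE-94, Code Injection)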
Assigner
Impacted products
Vendor Product Version
openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
Credits
panwenjie2@huawei.com

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:21.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openeuler:isulad:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "isulad",
            "vendor": "openeuler",
            "versions": [
              {
                "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33635",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:17:09.942436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:20:16.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/src-openeuler",
          "defaultStatus": "unaffected",
          "modules": [
            "image"
          ],
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
          ],
          "repo": "https://gitee.com/src-openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                  "status": "unaffected"
                },
                {
                  "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "panwenjie2@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When malicious images are pulled by isula pull, attackers can execute arbitrary code."
            }
          ],
          "value": "When malicious images are pulled by isula pull, attackers can execute arbitrary code."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-234",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-234 Hijacking a privileged process"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665 Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-29T07:56:44.304Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Pull malicious images may cause process to be hijacked",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33635",
    "datePublished": "2023-10-29T07:56:44.304Z",
    "dateReserved": "2021-05-28T14:26:05.942Z",
    "dateUpdated": "2024-09-09T14:20:16.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33632 (GCVE-0-2021-33632)

Vulnerability from cvelistv5 – Published: 2024-03-25 06:59 – Updated: 2024-08-03 23:58
Title
TOCTOU Race Condition problem in iSulad
Summary
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad/main.c. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.
CWE
  • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
Impacted products
Vendor Product Version
openEuler iSulad Affected: 2.0.18-13
Affected: 2.1.4-1 , ≤ 2.1.4-2 (git)
Credits
dbearzhu@huawei.com

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openeuler:isula:2.0.18-13:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "isula",
            "vendor": "openeuler",
            "versions": [
              {
                "status": "affected",
                "version": "2.0.18-13"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:openeuler:isula:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "isula",
            "vendor": "openeuler",
            "versions": [
              {
                "lessThanOrEqual": "2.1.4-2",
                "status": "affected",
                "version": "2.1.4-1",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33632",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T19:14:49.794932Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:19:38.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:21.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/645"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/640"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/639"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/openeuler",
          "defaultStatus": "unaffected",
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad/main.c"
          ],
          "repo": "https://gitee.com/openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.18-13"
            },
            {
              "changes": [
                {
                  "at": "7cb6c860e9b56def7667096351cabf793dc5645a upgrade from upstream",
                  "status": "unaffected"
                },
                {
                  "at": "317841cf45d60159c14df77c2167a6ddcf673061 upgrade from upstream",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.1.4-2",
              "status": "affected",
              "version": "2.1.4-1",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "dbearzhu@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.\u003c/p\u003e"
            }
          ],
          "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C.\n\nThis issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-29",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T06:59:53.586Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"
        },
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"
        },
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"
        },
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/645"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/640"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/639"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "TOCTOU Race Condition problem in iSulad",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33632",
    "datePublished": "2024-03-25T06:59:42.307Z",
    "dateReserved": "2021-05-28T14:26:05.941Z",
    "dateUpdated": "2024-08-03T23:58:21.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33638 (GCVE-0-2021-33638)

Vulnerability from cvelistv5 – Published: 2023-10-29 07:59 – Updated: 2024-09-09 14:09
Title
Run copy with container in a malicious directory may cause container escaping
Summary
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.
CWE
  • CWE-665 - Improper Initialization
Assigner
Impacted products
Vendor Product Version
openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
Credits
panwenjie2@huawei.com

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:22.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33638",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:09:31.917709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:09:44.635Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/src-openeuler",
          "defaultStatus": "unaffected",
          "modules": [
            "image"
          ],
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
          ],
          "repo": "https://gitee.com/src-openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                  "status": "unaffected"
                },
                {
                  "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "panwenjie2@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"
            }
          ],
          "value": "\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-480",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-480 Escaping Virtualization"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665 Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-29T07:59:45.026Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Run copy with container in a malicious directory may cause container escaping",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33638",
    "datePublished": "2023-10-29T07:59:45.026Z",
    "dateReserved": "2021-05-28T14:26:05.943Z",
    "dateUpdated": "2024-09-09T14:09:44.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33637 (GCVE-0-2021-33637)

Vulnerability from cvelistv5 – Published: 2023-10-29 07:58 – Updated: 2024-09-09 14:10
Title
Export container in a malicious directory may cause process to be hijacked
Summary
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.
CWE
  • CWE-665 - Improper Initialization
Assigner
Impacted products
Vendor Product Version
openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
Credits
panwenjie2@huawei.com

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:21.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:10:22.389662Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:10:35.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/src-openeuler",
          "defaultStatus": "unaffected",
          "modules": [
            "image"
          ],
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
          ],
          "repo": "https://gitee.com/src-openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                  "status": "unaffected"
                },
                {
                  "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "panwenjie2@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.\n\n"
            }
          ],
          "value": "\nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-234",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-234 Hijacking a privileged process"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665 Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-29T07:58:55.220Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Export container in a malicious directory may cause process to be hijacked",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33637",
    "datePublished": "2023-10-29T07:58:55.220Z",
    "dateReserved": "2021-05-28T14:26:05.942Z",
    "dateUpdated": "2024-09-09T14:10:35.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33636 (GCVE-0-2021-33636)

Vulnerability from cvelistv5 – Published: 2023-10-29 07:58 – Updated: 2024-09-09 14:15
Title
Load malicious images may cause process to be hijacked
Summary
When the isula load command is used to load malicious images, attackers can execute arbitrary code.
CWE
  • CWE-665 - Improper Initialization
Assigner
Impacted products
Vendor Product Version
openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
Credits
panwenjie2@huawei.com

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:22.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openeuler:isulad:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "isulad",
            "vendor": "openeuler",
            "versions": [
              {
                "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:11:00.313285Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:15:38.166Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/src-openeuler",
          "defaultStatus": "unaffected",
          "modules": [
            "image"
          ],
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
          ],
          "repo": "https://gitee.com/src-openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                  "status": "unaffected"
                },
                {
                  "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "panwenjie2@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.\n\n"
            }
          ],
          "value": "\nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-234",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-234 Hijacking a privileged process"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665 Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-29T07:58:05.033Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Load malicious images may cause process to be hijacked",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33636",
    "datePublished": "2023-10-29T07:58:05.033Z",
    "dateReserved": "2021-05-28T14:26:05.942Z",
    "dateUpdated": "2024-09-09T14:15:38.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33635 (GCVE-0-2021-33635)

Vulnerability from cvelistv5 – Published: 2023-10-29 07:56 – Updated: 2024-09-09 14:20
Title
Pull malicious images may cause process to be hijacked
Summary
When malicious images are pulled by isula pull, attackers can execute arbitrary code.
CWE
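  • CWE-665 - Improper Initialization (assigned by the openEuler CNA; the CISA ADP container in the record below additionally lists CWE-94, Code Injection)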
Assigner
Impacted products
Vendor Product Version
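openEuler iSulad Affected: from 0 through ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (versionType: patch). The upper bound is a single comma-joined string that appears to give one boundary per release branch (2.0.8, 2.0.18, 2.1), so compare against the entry for the branch in use rather than treating it as one version.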
Credits
panwenjie2@huawei.com

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:21.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openeuler:isulad:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "isulad",
            "vendor": "openeuler",
            "versions": [
              {
                "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33635",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:17:09.942436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:20:16.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitee.com/src-openeuler",
          "defaultStatus": "unaffected",
          "modules": [
            "image"
          ],
          "packageName": "iSulad",
          "platforms": [
            "Linux"
          ],
          "product": "iSulad",
          "programFiles": [
            "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
          ],
          "repo": "https://gitee.com/src-openeuler/iSulad",
          "vendor": "openEuler",
          "versions": [
            {
              "changes": [
                {
                  "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                  "status": "unaffected"
                },
                {
                  "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "panwenjie2@huawei.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When malicious images are pulled by isula pull, attackers can execute arbitrary code."
            }
          ],
          "value": "When malicious images are pulled by isula pull, attackers can execute arbitrary code."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-234",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-234 Hijacking a privileged process"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665 Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-29T07:56:44.304Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
        },
        {
          "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Pull malicious images may cause process to be hijacked",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33635",
    "datePublished": "2023-10-29T07:56:44.304Z",
    "dateReserved": "2021-05-28T14:26:05.942Z",
    "dateUpdated": "2024-09-09T14:20:16.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}