CVE-2021-33634
6.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Malicious image running containers may cause DoS attacks
When iSulad uses the lcr+lxc runtime (the default) to run a malicious image, the image can cause a denial of service (DoS).
References
- https://gitee.com/src-openeuler/lcr/pulls/251/files
- https://gitee.com/src-openeuler/lcr/pulls/257/files
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-S…
Affected products
lcr
- =<2.0.9-6,2.1.2-3
Matching in nixpkgs
pkgs.fulcrum
Fast & nimble SPV server for Bitcoin Cash & Bitcoin BTC
- nixos-unstable: -
- nixpkgs-unstable: 1.12.0.1
pkgs.python312Packages.mlcroissant
High-level format for machine learning datasets that brings together four rich layers
- nixos-unstable: -
- nixpkgs-unstable: 1.0.22
pkgs.python313Packages.mlcroissant
High-level format for machine learning datasets that brings together four rich layers
- nixos-unstable: -
- nixpkgs-unstable: 1.0.22
Package maintainers
- @prusnak Pavol Rusnak <pavol@rusnak.io>
- @DMills27 Dominic Mills
- @jleightcap Jack Leightcap <jack@leightcap.com>
- @Chickensoupwithrice Anish Lakhwara
- @albertchae Albert Chae
- @jasonodoom Jason Odoom <jasonodoom@riseup.net>
- @GaetanLepage Gaetan Lepage <gaetan@glepage.com>