CVE-2021-33634

2023-10-2908:15:20

CWE-665

[email protected]

web.nvd.nist.gov

isulad

lcr

lxc

runtime

malicious images

dos

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.

Affected configurations

NVD

Node

openeulericrRange<2.0.9-6

openeulericrRange2.1.0–2.1.2-3

CPENameOperatorVersion
openeuler:icropeneuler icrlt2.0.9-6
openeuler:icropeneuler icrlt2.1.2-3

CPE	Name	Operator	Version
openeuler:icr	openeuler icr	lt	2.0.9-6
openeuler:icr	openeuler icr	lt	2.1.2-3

CNA Affected

[
  {
    "collectionURL": "https://gitee.com/src-openeuler",
    "defaultStatus": "unaffected",
    "modules": [
      "runtime"
    ],
    "packageName": "lcr",
    "platforms": [
      "Linux"
    ],
    "product": "lcr",
    "programFiles": [
      "https://gitee.com/openeuler/lcr/blob/master/src/runtime/lcrcontainer.c"
    ],
    "repo": "https://gitee.com/src-openeuler/lcr",
    "vendor": "openEuler",
    "versions": [
      {
        "changes": [
          {
            "at": "0012-265-set-env-to-avoid-invoke-lxc-binary-directly.patch",
            "status": "unaffected"
          },
          {
            "at": "0008-266-set-env-to-avoid-invoke-lxc-binary-directly.patch",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.0.9-6,2.1.2-3",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  }
]