Lucene search

OpenEulerVULNRICHMENT:CVE-2021-33636

HistoryOct 29, 2023 - 7:58 a.m.

CVE-2021-33636 Load malicious images may cause process to be hijacked

2023-10-2907:58:05

CWE-665

openEuler

github.com

cve-2021-33636

isula load command

malicious images hijack

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

When the isula load command is used to load malicious images, attackers can execute arbitrary code.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:openeuler:isulad:*:*:*:*:*:*:*:*"
    ],
    "vendor": "openeuler",
    "product": "isulad",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

gitee.com/src-openeuler/iSulad/pulls/600/files

gitee.com/src-openeuler/iSulad/pulls/627/files

www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2021-33636