iSulad
by Openeuler
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-33632 | Hig | 0.46 | 7.0 | 0.00 | Mar 25, 2024 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad… | ||
| CVE-2021-33638 | 0.00 | — | 0.00 | Oct 29, 2023 | When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. | |||
| CVE-2021-33637 | 0.00 | — | 0.00 | Oct 29, 2023 | When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. | |||
| CVE-2021-33636 | 0.00 | — | 0.00 | Oct 29, 2023 | When the isula load command is used to load malicious images, attackers can execute arbitrary code. | |||
| CVE-2021-33635 | 0.00 | — | 0.01 | Oct 29, 2023 | When malicious images are pulled by isula pull, attackers can execute arbitrary code. | |||
| CVE-2021-33634 | 0.00 | — | 0.00 | Oct 29, 2023 | iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS. |
- risk 0.46cvss 7.0epss 0.00
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad…
- CVE-2021-33638Oct 29, 2023risk 0.00cvss —epss 0.00
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.
- CVE-2021-33637Oct 29, 2023risk 0.00cvss —epss 0.00
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.
- CVE-2021-33636Oct 29, 2023risk 0.00cvss —epss 0.00
When the isula load command is used to load malicious images, attackers can execute arbitrary code.
- CVE-2021-33635Oct 29, 2023risk 0.00cvss —epss 0.01
When malicious images are pulled by isula pull, attackers can execute arbitrary code.
- CVE-2021-33634Oct 29, 2023risk 0.00cvss —epss 0.00
iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.