MidnightBSD

Advisories for openeuler

CVE-2021-33629 MEDIUM

isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openeuler isula-build *
CVE-2021-33634

iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
securities@openeuler.org 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 1.8 4.0

Products Affected

Vendor Product Version
openeuler icr *
CVE-2021-33635

When malicious images are pulled by isula pull, attackers can execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
securities@openeuler.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
openeuler isula 2.0.8-20210518.144540
openeuler isula 2.0.18-10
openeuler isula 2.1.2
CVE-2021-33636

When the isula load command is used to load malicious images, attackers can execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securities@openeuler.org 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openeuler isula 2.0.8-20210518.144540
openeuler isula 2.0.18-10
openeuler isula 2.1.2
CVE-2021-33637

When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securities@openeuler.org 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N 2.0 4.0

Products Affected

Vendor Product Version
openeuler isula 2.0.8-20210518.144540
openeuler isula 2.0.18-10
openeuler isula 2.1.2
CVE-2021-33638

When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
securities@openeuler.org 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N 2.0 4.0

Products Affected

Vendor Product Version
openeuler isula 2.0.8-20210518.144540
openeuler isula 2.0.18-10
openeuler isula 2.1.2
CVE-2021-33641

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).

Products Affected

Vendor Product Version
openeuler byacc *
CVE-2021-33642

When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.

Products Affected

Vendor Product Version
openeuler byacc *